diff --git a/docs/security/agent/grype-25.10.1.json b/docs/security/agent/grype-25.10.1.json index 06de9d9..46c12df 100644 --- a/docs/security/agent/grype-25.10.1.json +++ b/docs/security/agent/grype-25.10.1.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88933, - "date": "2026-03-09" + "percentile": 0.88983, + "date": "2026-03-16" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88933, - "date": "2026-03-09" + "percentile": 0.88983, + "date": "2026-03-16" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -257,8 +257,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -352,8 +352,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -420,8 +420,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -526,8 +526,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -605,8 +605,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -709,8 +709,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -754,8 +754,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -849,8 +849,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -894,8 +894,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -989,8 +989,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1055,8 +1055,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1158,8 +1158,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1224,8 +1224,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1327,8 +1327,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1383,8 +1383,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1475,8 +1475,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1548,8 +1548,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1651,8 +1651,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1724,8 +1724,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1876,8 +1876,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1968,8 +1968,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -2017,8 +2017,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -2120,8 +2120,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2180,8 +2180,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2272,8 +2272,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2321,8 +2321,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2413,8 +2413,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2479,8 +2479,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2574,8 +2574,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2640,8 +2640,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2746,8 +2746,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2813,8 +2813,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2911,8 +2911,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2986,8 +2986,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -3084,8 +3084,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3180,8 +3180,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3284,8 +3284,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00072, - "percentile": 0.21792, - "date": "2026-03-09" + "percentile": 0.21759, + "date": "2026-03-16" } ], "cwes": [ @@ -3361,8 +3361,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00072, - "percentile": 0.21792, - "date": "2026-03-09" + "percentile": 0.21759, + "date": "2026-03-16" } ], "cwes": [ @@ -3467,8 +3467,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3521,8 +3521,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3619,8 +3619,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3667,8 +3667,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3759,8 +3759,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3825,8 +3825,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3920,8 +3920,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3986,8 +3986,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -4095,8 +4095,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ @@ -4187,8 +4187,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4253,8 +4253,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4348,8 +4348,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4414,8 +4414,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4520,8 +4520,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4570,8 +4570,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4662,8 +4662,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4710,8 +4710,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4779,39 +4779,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4819,28 +4819,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4848,25 +4848,25 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4874,21 +4874,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -4905,11 +4905,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4919,38 +4930,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -4959,25 +4970,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031049999999999994 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 6.5, "exploitabilityScore": 2.9, @@ -4988,17 +4999,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -5006,7 +5017,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5014,21 +5025,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5042,14 +5053,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5059,20 +5081,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5080,77 +5102,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5158,18 +5150,18 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5184,24 +5176,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -5215,29 +5204,29 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -5253,77 +5242,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5331,17 +5290,17 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -5349,7 +5308,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5357,24 +5316,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -5388,48 +5344,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5437,16 +5382,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5470,31 +5415,44 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5502,16 +5460,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5534,7 +5492,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5576,20 +5534,20 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5597,16 +5555,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5630,48 +5588,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5694,7 +5665,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5747,20 +5718,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4111", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5768,18 +5739,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5787,58 +5758,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.028104999999999998 + "risk": 0.028499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/security/cve/CVE-2026-4111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", + "https://github.com/libarchive/libarchive/pull/2877" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5853,21 +5814,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2026-4111", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5881,37 +5842,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5919,75 +5880,81 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.028104999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5996,7 +5963,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6005,19 +5972,22 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -6035,22 +6005,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -6060,134 +6019,210 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.1" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b2050fe1de2cbb81", - "name": "fluent-bit", - "version": "25.10.1", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:85359fe22bbf8d88dc798fe2eda0f33e51fc0bf9f146cb15b310702886d25da9", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -6195,47 +6230,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.027804999999999996 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6250,21 +6296,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6278,55 +6324,2197 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "b2050fe1de2cbb81", + "name": "fluent-bit", + "version": "25.10.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:85359fe22bbf8d88dc798fe2eda0f33e51fc0bf9f146cb15b310702886d25da9", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027590000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "0:2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.8.3-10.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" + } + ], + "risk": 0.023175 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" + ], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-10.el9_7" + } + } + ], + "artifact": { + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -6335,48 +8523,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.023114999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -6392,21 +8578,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2026-0988", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -6420,13 +8606,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6437,20 +8623,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6458,10 +8644,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6469,42 +8663,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6519,21 +8731,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -6547,23 +8759,17 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -6575,20 +8781,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6596,10 +8802,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6607,42 +8821,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6657,21 +8889,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -6685,23 +8917,17 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -6713,77 +8939,63 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -6796,18 +9008,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6822,24 +9034,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -6853,13 +9062,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6870,77 +9079,63 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -6953,18 +9148,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6979,24 +9174,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7010,23 +9202,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" } ], "metadataType": "RpmMetadata", @@ -7038,73 +9230,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -7121,18 +9316,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7147,24 +9342,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7178,27 +9373,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -7210,73 +9401,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -7293,18 +9487,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7319,24 +9513,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7350,27 +9544,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -7382,20 +9572,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7403,64 +9593,76 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-7.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02314 + "risk": 0.017945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7468,17 +9670,17 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7486,7 +9688,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7494,24 +9696,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -7525,120 +9727,128 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.02314 + "advisories": [], + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7646,7 +9856,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7654,24 +9864,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7685,135 +9892,145 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 + "risk": 0.01643 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7821,21 +10038,24 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7849,122 +10069,138 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02125 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7979,21 +10215,24 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -8007,42 +10246,48 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8050,18 +10295,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -8069,47 +10314,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -8124,21 +10369,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -8152,13 +10397,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8169,39 +10414,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -8209,54 +10454,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8264,21 +10523,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8295,22 +10554,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8320,88 +10568,132 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019055 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8416,21 +10708,24 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8444,13 +10739,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8461,104 +10756,93 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -8573,24 +10857,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -8604,23 +10885,23 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -8632,111 +10913,108 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8744,24 +11022,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8775,25 +11050,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8803,114 +11067,99 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.017945 + "advisories": [], + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8919,7 +11168,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8927,24 +11176,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2025-5917", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8958,25 +11204,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8986,38 +11221,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -9026,60 +11267,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01728 + "risk": 0.01239 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -9095,21 +11329,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -9123,13 +11357,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9140,20 +11374,20 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9161,17 +11395,17 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9180,46 +11414,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014739999999999998 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9235,21 +11474,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9263,55 +11502,55 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "secalert@redhat.com", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9320,60 +11559,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01449 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "secalert@redhat.com", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9381,7 +11611,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9389,21 +11619,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9417,147 +11647,137 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.013770000000000001 + "advisories": [], + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -9574,24 +11794,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -9605,13 +11822,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9622,39 +11839,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -9662,53 +11879,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -9723,21 +11935,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -9751,23 +11963,23 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "systemd", + "version": "252-51.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -9779,37 +11991,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9819,59 +12031,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9888,21 +12087,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -9916,13 +12115,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9933,20 +12132,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9954,79 +12153,79 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.012759999999999999 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10042,21 +12241,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10070,13 +12272,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10087,99 +12289,100 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0118 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10187,7 +12390,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10195,21 +12398,24 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, - "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10223,14 +12429,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10240,93 +12457,79 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.34-231.el9_7.10" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "risk": 0.011660000000000002 + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -10337,23 +12540,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10361,7 +12558,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10369,24 +12566,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10400,110 +12597,111 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.34-231.el9_7.10" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "risk": 0.011660000000000002 + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -10514,23 +12712,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10546,24 +12738,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10577,73 +12769,71 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-70873", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-70873", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, + "baseScore": 3.3, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10651,72 +12841,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.009134999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-70873", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054", + "https://sqlite.org/forum/forumpost/761eac3c82", + "https://sqlite.org/src/info/3d459f1fb1bd1b5e" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10724,21 +12897,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-70873", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -10752,14 +12925,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10769,20 +12953,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10790,17 +12974,17 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -10809,46 +12993,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01008 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10856,7 +13042,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10864,21 +13050,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -10895,11 +13081,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10909,100 +13106,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 6.5, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11010,7 +13195,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11018,24 +13203,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3784", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11049,14 +13231,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11066,100 +13259,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11175,24 +13356,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11206,23 +13384,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -11234,100 +13412,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11343,24 +13509,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11374,27 +13537,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -11406,100 +13565,99 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} } - ], - "epss": [ - { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] - }, - "advisories": [ + ], + "epss": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], - "risk": 0.009785 + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007425 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -11507,7 +13665,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11515,24 +13673,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11546,29 +13701,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11601,8 +13741,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11667,8 +13807,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11762,8 +13902,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11828,8 +13968,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11934,8 +14074,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12004,8 +14144,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12105,8 +14245,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12175,8 +14315,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12264,39 +14404,198 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007125000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + ], + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-30258", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -12304,67 +14603,74 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12372,21 +14678,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -12400,14 +14706,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12417,38 +14734,44 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -12457,51 +14780,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006899999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -12517,21 +14857,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -12545,37 +14885,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12583,18 +14923,18 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -12602,59 +14942,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12662,21 +14997,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -12690,148 +15025,135 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 4.7, + "baseScore": 5.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00693 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12839,21 +15161,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -12867,25 +15189,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "BSD" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12895,20 +15206,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12916,18 +15227,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -12935,41 +15246,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006875 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12977,18 +15275,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -13009,7 +15307,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -13048,87 +15346,105 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -13143,21 +15459,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13171,127 +15490,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.006695 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -13299,7 +15612,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13307,21 +15620,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13335,37 +15651,48 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13373,18 +15700,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -13392,47 +15719,36 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" - ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -13447,21 +15763,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13475,120 +15791,91 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -13605,24 +15892,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "0:3.0.7-6.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "ead6ec3a96c03e8e", + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5", "type": "rpm", "locations": [ { @@ -13639,117 +15923,98 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-6.el9_5?arch=x86_64&distro=rhel-9.6&upstream=openssl-fips-provider-3.0.7-6.el9_5.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -13766,24 +16031,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "7acafa332217c3b4", + "name": "openssl-fips-provider-so", + "version": "3.0.7-6.el9_5", "type": "rpm", "locations": [ { @@ -13800,69 +16062,71 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-6.el9_5?arch=x86_64&distro=rhel-9.6&upstream=openssl-fips-provider-3.0.7-6.el9_5.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } - ], - "cwes": [ - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, + ], + "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -13871,68 +16135,35 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" - ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -13940,7 +16171,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13948,21 +16179,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13976,17 +16207,28 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -14016,8 +16258,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ @@ -14104,8 +16346,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ @@ -14134,18 +16376,187 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00009, + "percentile": 0.0076, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.00504 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + ], + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00009, + "percentile": 0.0076, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -14159,13 +16570,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14176,112 +16587,107 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00009, - "percentile": 0.00768, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.9.13-14.el9_7" + "0:3.8.3-10.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" } ], - "risk": 0.00504 + "risk": 0.004899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00009, - "percentile": 0.00768, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14297,24 +16703,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "suggestedVersion": "0:3.8.3-10.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -14328,13 +16734,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14368,8 +16774,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14431,8 +16837,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14526,8 +16932,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14589,8 +16995,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14695,8 +17101,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14758,8 +17164,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14868,8 +17274,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14931,8 +17337,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -15041,8 +17447,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -15101,8 +17507,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -15168,151 +17574,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00385 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -15338,8 +17599,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15387,8 +17648,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15490,8 +17751,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15539,8 +17800,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15642,8 +17903,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15712,8 +17973,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15812,8 +18073,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15882,8 +18143,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15982,8 +18243,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16052,8 +18313,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16152,8 +18413,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16222,8 +18483,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16322,8 +18583,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16385,8 +18646,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16480,8 +18741,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16543,8 +18804,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16649,8 +18910,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -16697,8 +18958,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -16789,8 +19050,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16850,8 +19111,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16942,8 +19203,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -17005,8 +19266,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -17097,8 +19358,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17163,8 +19424,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17258,8 +19519,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17324,8 +19585,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17412,7 +19673,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -17509,7 +19770,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -17997,107 +20258,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/agent/grype-25.10.1.md b/docs/security/agent/grype-25.10.1.md index 79470e7..15579c5 100644 --- a/docs/security/agent/grype-25.10.1.md +++ b/docs/security/agent/grype-25.10.1.md @@ -8,6 +8,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| libarchive | 3.5.3-6.el9_6 | [CVE-2026-4111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -16,22 +17,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | fluent-bit | 25.10.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | @@ -72,7 +82,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | @@ -82,6 +91,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -91,25 +101,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-70873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-70873) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider | 3.0.7-6.el9_5 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider-so | 3.0.7-6.el9_5 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | diff --git a/docs/security/agent/grype-25.10.10.json b/docs/security/agent/grype-25.10.10.json index 6befde6..409e3f8 100644 --- a/docs/security/agent/grype-25.10.10.json +++ b/docs/security/agent/grype-25.10.10.json @@ -25,8 +25,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -93,8 +93,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -188,8 +188,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -256,8 +256,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -362,8 +362,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -441,8 +441,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -545,8 +545,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -590,8 +590,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -685,8 +685,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -730,8 +730,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -825,8 +825,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -891,8 +891,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -994,8 +994,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1060,8 +1060,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1163,8 +1163,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1219,8 +1219,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1311,8 +1311,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1384,8 +1384,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1487,8 +1487,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1560,8 +1560,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1663,8 +1663,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1712,8 +1712,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1804,8 +1804,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1853,8 +1853,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1956,8 +1956,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2016,8 +2016,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2108,8 +2108,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2157,8 +2157,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2249,8 +2249,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2315,8 +2315,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2410,8 +2410,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2476,8 +2476,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2582,8 +2582,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2649,8 +2649,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2747,8 +2747,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2822,8 +2822,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2920,8 +2920,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3016,8 +3016,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3120,8 +3120,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3174,8 +3174,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3272,8 +3272,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3320,8 +3320,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3412,8 +3412,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3478,8 +3478,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3573,8 +3573,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3639,8 +3639,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3748,8 +3748,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ @@ -3840,8 +3840,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -3906,8 +3906,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4001,8 +4001,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4067,8 +4067,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4173,8 +4173,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4223,8 +4223,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4315,8 +4315,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4363,8 +4363,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4432,39 +4432,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4472,28 +4472,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4501,25 +4501,25 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4527,21 +4527,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4558,11 +4558,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4572,38 +4583,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -4612,25 +4623,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031049999999999994 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 6.5, "exploitabilityScore": 2.9, @@ -4641,17 +4652,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4659,7 +4670,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4667,21 +4678,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4695,14 +4706,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4712,20 +4734,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4733,77 +4755,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4811,18 +4803,18 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4837,24 +4829,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -4868,29 +4857,29 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -4906,77 +4895,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4984,17 +4943,17 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -5002,7 +4961,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5010,24 +4969,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -5041,48 +4997,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5090,16 +5035,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5123,31 +5068,44 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5155,16 +5113,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5187,7 +5145,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5229,20 +5187,20 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5250,16 +5208,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5283,48 +5241,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5347,7 +5318,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5400,20 +5371,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4111", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5421,18 +5392,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5440,58 +5411,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.028104999999999998 + "risk": 0.028499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/security/cve/CVE-2026-4111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", + "https://github.com/libarchive/libarchive/pull/2877" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5506,21 +5467,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2026-4111", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5534,37 +5495,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5572,75 +5533,81 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.028104999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5649,7 +5616,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5658,19 +5625,22 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -5688,22 +5658,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5713,97 +5672,2466 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" - }, + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, "advisories": [], - "risk": 0.027825000000000003 + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.10" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "af1ef2b90efeccfe", + "name": "fluent-bit", + "version": "25.10.10", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.10", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027590000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "0215995764e9f654", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.8.3-10.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" + } + ], + "risk": 0.023175 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" + ], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-10.el9_7" + } + } + ], + "artifact": { + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.10.10" - } + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "af1ef2b90efeccfe", - "name": "fluent-bit", - "version": "25.10.10", - "type": "binary", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.10", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { @@ -5830,9 +8158,9 @@ "epss": [ { "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ @@ -5848,7 +8176,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.027804999999999996 + "risk": 0.023114999999999997 }, "relatedVulnerabilities": [ { @@ -5860,34 +8188,187 @@ "https://access.redhat.com/security/cve/CVE-2026-0988", "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -5895,7 +8376,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5903,21 +8384,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -5931,14 +8412,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5948,20 +8434,20 @@ }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5969,16 +8455,16 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -5988,47 +8474,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -6037,7 +8534,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6045,21 +8542,21 @@ "version": "9.7" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -6073,14 +8570,19 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6090,31 +8592,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6122,31 +8632,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6154,17 +8661,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6172,21 +8687,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0215995764e9f654", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -6200,25 +8715,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6228,31 +8732,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6260,31 +8772,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6292,10 +8801,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6310,21 +8827,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -6338,23 +8855,23 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "pcre2", + "version": "10.40-6.el9" } ], "metadataType": "RpmMetadata", @@ -6366,73 +8883,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6449,25 +8969,25 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6475,24 +8995,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6506,14 +9026,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6523,73 +9054,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6606,18 +9140,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6632,24 +9166,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6663,23 +9197,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -6691,100 +9225,100 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6792,7 +9326,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6800,24 +9334,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6831,29 +9362,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6863,100 +9379,86 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6964,7 +9466,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6972,24 +9474,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -7003,29 +9502,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7035,103 +9519,100 @@ }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.02314 + "advisories": [], + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7147,24 +9628,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-5918", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7178,128 +9656,156 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "1:3.5.1-7.el9_7" + "0:2.3.3-5.el9_7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" } ], - "risk": 0.02314 + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7307,24 +9813,24 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7338,67 +9844,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.5, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7406,60 +9901,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.5, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7474,21 +9962,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -7502,17 +9990,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -7524,39 +10018,39 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7564,67 +10058,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7632,21 +10127,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7660,19 +10155,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "BSD" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7682,20 +10172,20 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7703,18 +10193,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7722,47 +10212,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5, + "exploitabilityScore": 1.4, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7777,21 +10281,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7808,10 +10312,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7822,39 +10326,45 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -7862,54 +10372,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01239 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7917,21 +10434,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -7945,25 +10462,14 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7973,20 +10479,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7994,17 +10500,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -8013,47 +10519,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8069,21 +10579,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -8097,37 +10607,37 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8135,64 +10645,52 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -8200,18 +10698,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -8226,24 +10724,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -8257,129 +10752,136 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -8389,7 +10891,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8397,24 +10899,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -8428,25 +10927,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8456,39 +10944,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -8496,68 +10984,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01728 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8565,21 +11040,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "systemd", + "version": "252-55.el9_7.7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "e28c009b2c72d8a9", + "name": "systemd-libs", + "version": "252-55.el9_7.7", "type": "rpm", "locations": [ { @@ -8593,14 +11068,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.7" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8610,37 +11096,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8650,45 +11136,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014739999999999998 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8705,21 +11192,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -8733,13 +11220,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8750,100 +11237,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01449 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" - ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8859,21 +11346,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8887,13 +11377,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8904,139 +11394,108 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { "versions": [ - "0:2.3.3-5.el9_7" + "0:2.34-231.el9_7.10" ], "state": "fixed", "available": [ { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "risk": 0.013770000000000001 + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9044,24 +11503,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" }, "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -9075,14 +11534,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9092,92 +11562,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01363 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9193,21 +11671,24 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -9221,23 +11702,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -9249,100 +11734,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.013109999999999998 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9350,7 +11835,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9358,21 +11843,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -9386,14 +11874,29 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9403,20 +11906,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-70873", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-70873", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 3.3, + "exploitabilityScore": 1.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9424,17 +11927,17 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9443,60 +11946,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012759999999999999 + "risk": 0.009134999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-70873", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054", + "https://sqlite.org/forum/forumpost/761eac3c82", + "https://sqlite.org/src/info/3d459f1fb1bd1b5e" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], - "epss": [ - { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "epss": [ + { + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9504,7 +11994,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9512,21 +12002,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-70873", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "87ad778255840d3f", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -9540,14 +12030,25 @@ ], "language": "", "licenses": [ - "BSD" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9557,44 +12058,38 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9603,53 +12098,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0118 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9657,7 +12147,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9665,21 +12155,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9693,14 +12183,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9710,45 +12211,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -9756,40 +12251,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 3.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -9797,31 +12282,25 @@ ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9829,21 +12308,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9857,14 +12336,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9874,20 +12364,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.7, + "exploitabilityScore": 2.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -9895,17 +12385,17 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9914,46 +12404,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01008 + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9961,7 +12453,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9969,21 +12461,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", + "vulnerabilityID": "CVE-2026-3783", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -10000,11 +12492,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10014,100 +12517,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10115,7 +12606,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10123,24 +12614,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -10154,14 +12642,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10171,20 +12670,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10192,79 +12691,78 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.007425 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10272,7 +12770,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10280,24 +12778,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -10306,30 +12801,19 @@ "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" + } } ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10339,82 +12823,86 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10422,17 +12910,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10440,7 +12928,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10448,24 +12936,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10479,114 +12967,103 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10594,17 +13071,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10620,24 +13097,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10651,69 +13128,71 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10737,49 +13216,53 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0072250000000000005 + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10802,7 +13285,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", + "vulnerabilityID": "CVE-2025-11187", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -10844,37 +13327,43 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10898,49 +13387,53 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0072250000000000005 + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10963,7 +13456,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", + "vulnerabilityID": "CVE-2025-11187", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -11016,114 +13509,99 @@ }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.007214999999999999 + "advisories": [], + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11139,24 +13617,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-30258", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -11170,132 +13645,130 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.007214999999999999 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -11310,24 +13783,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "87ad778255840d3f", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -11341,66 +13811,72 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -11409,41 +13885,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.006899999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 3.3, + "exploitabilityScore": 1.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11451,17 +13930,23 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11483,7 +13968,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } @@ -11522,20 +14007,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11543,18 +14028,18 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ - { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -11562,52 +14047,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -11622,21 +14102,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -11650,108 +14130,127 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11759,7 +14258,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11767,21 +14266,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -11795,72 +14294,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ], @@ -11869,66 +14351,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ] @@ -11936,7 +14398,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11944,21 +14406,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87ad778255840d3f", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -11972,25 +14434,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12000,99 +14451,104 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.006875 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -12108,21 +14564,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12136,111 +14595,129 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12248,21 +14725,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12276,127 +14756,103 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" - ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -12412,21 +14868,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12440,37 +14896,37 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12478,18 +14934,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -12497,47 +14953,36 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" - ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -12552,21 +14997,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl-fips-provider", + "version": "0:3.0.7-8.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "3f743355082e9e4b", + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9", "type": "rpm", "locations": [ { @@ -12580,13 +15025,23 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12597,103 +15052,74 @@ }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0060999999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "namespace": "nvd:cpe", + "severity": "Unknown", + "urls": [ + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12702,7 +15128,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12710,24 +15136,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "039e508ce9d5da38", + "name": "openssl-fips-provider-so", + "version": "3.0.7-8.el9", "type": "rpm", "locations": [ { @@ -12741,120 +15164,110 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", + "upstreams": [ + { + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12877,11 +15290,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], @@ -12930,114 +15340,126 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 6.2, + "baseScore": 7.7, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2025-13601", + "epss": 0.00008, + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.005979999999999999 + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.00508 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + "https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/errata/RHSA-2026:2064", + "https://access.redhat.com/errata/RHSA-2026:2072", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", + "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2025-13601", + "epss": 0.00008, + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -13053,21 +15475,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -13081,13 +15506,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13098,125 +15523,106 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.68.4-18.el9_7.1" + "0:3.8.3-10.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" } ], - "risk": 0.00508 + "risk": 0.004899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/errata/RHSA-2026:1323", - "https://access.redhat.com/errata/RHSA-2026:1324", - "https://access.redhat.com/errata/RHSA-2026:1326", - "https://access.redhat.com/errata/RHSA-2026:1327", - "https://access.redhat.com/errata/RHSA-2026:1465", - "https://access.redhat.com/errata/RHSA-2026:1608", - "https://access.redhat.com/errata/RHSA-2026:1624", - "https://access.redhat.com/errata/RHSA-2026:1625", - "https://access.redhat.com/errata/RHSA-2026:1626", - "https://access.redhat.com/errata/RHSA-2026:1627", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/errata/RHSA-2026:1736", - "https://access.redhat.com/errata/RHSA-2026:2064", - "https://access.redhat.com/errata/RHSA-2026:2072", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2633", - "https://access.redhat.com/errata/RHSA-2026:2659", - "https://access.redhat.com/errata/RHSA-2026:2671", - "https://access.redhat.com/errata/RHSA-2026:2974", - "https://access.redhat.com/errata/RHSA-2026:3415", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -13233,24 +15639,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:3.8.3-10.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -13264,13 +15670,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13304,8 +15710,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13367,8 +15773,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13462,8 +15868,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13525,8 +15931,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13631,8 +16037,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13694,8 +16100,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13804,8 +16210,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13867,8 +16273,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13977,8 +16383,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -14037,8 +16443,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -14104,151 +16510,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00385 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -14274,8 +16535,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14323,8 +16584,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14426,8 +16687,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14475,8 +16736,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14578,8 +16839,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14648,8 +16909,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14748,8 +17009,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14818,8 +17079,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14918,8 +17179,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14988,8 +17249,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15088,8 +17349,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15158,8 +17419,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15258,8 +17519,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15321,8 +17582,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15416,8 +17677,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15479,8 +17740,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15585,8 +17846,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -15633,8 +17894,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -15725,8 +17986,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -15786,8 +18047,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -15878,8 +18139,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -15941,8 +18202,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -16033,8 +18294,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16099,8 +18360,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16194,8 +18455,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16260,8 +18521,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16348,7 +18609,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -16445,7 +18706,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -16941,107 +19202,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/agent/grype-25.10.10.md b/docs/security/agent/grype-25.10.10.md index 705573c..9ca4635 100644 --- a/docs/security/agent/grype-25.10.10.md +++ b/docs/security/agent/grype-25.10.10.md @@ -7,6 +7,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| libarchive | 3.5.3-6.el9_6 | [CVE-2026-4111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -15,19 +16,28 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | fluent-bit | 25.10.10 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.10 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | gnutls | 3.8.3-9.el9 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| systemd-libs | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | @@ -66,7 +76,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | @@ -76,6 +85,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -85,25 +95,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| sqlite-libs | 3.34.1-9.el9_7 | [CVE-2025-70873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-70873) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider | 3.0.7-8.el9 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider-so | 3.0.7-8.el9 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | diff --git a/docs/security/agent/grype-25.10.11.json b/docs/security/agent/grype-25.10.11.json index 605fe08..647ad82 100644 --- a/docs/security/agent/grype-25.10.11.json +++ b/docs/security/agent/grype-25.10.11.json @@ -25,8 +25,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -93,8 +93,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -188,8 +188,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -256,8 +256,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -362,8 +362,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -441,8 +441,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -545,8 +545,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -590,8 +590,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -685,8 +685,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -730,8 +730,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -825,8 +825,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -891,8 +891,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -994,8 +994,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1060,8 +1060,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1163,8 +1163,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1219,8 +1219,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1311,8 +1311,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1384,8 +1384,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1487,8 +1487,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1560,8 +1560,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1663,8 +1663,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1712,8 +1712,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1804,8 +1804,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1853,8 +1853,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1956,8 +1956,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2016,8 +2016,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2108,8 +2108,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2157,8 +2157,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2249,8 +2249,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2315,8 +2315,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2410,8 +2410,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2476,8 +2476,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2582,8 +2582,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2649,8 +2649,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2747,8 +2747,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2822,8 +2822,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2920,8 +2920,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3016,8 +3016,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3120,8 +3120,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3174,8 +3174,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3272,8 +3272,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3320,8 +3320,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3412,8 +3412,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3478,8 +3478,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3573,8 +3573,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3639,8 +3639,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3748,8 +3748,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ @@ -3840,8 +3840,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -3906,8 +3906,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4001,8 +4001,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4067,8 +4067,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4173,8 +4173,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4223,8 +4223,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4315,8 +4315,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4363,8 +4363,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4432,39 +4432,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4472,28 +4472,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4501,25 +4501,25 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4527,21 +4527,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4558,11 +4558,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4572,38 +4583,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -4612,25 +4623,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031049999999999994 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 6.5, "exploitabilityScore": 2.9, @@ -4641,17 +4652,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4659,7 +4670,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4667,21 +4678,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4695,14 +4706,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4712,20 +4734,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4733,77 +4755,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4811,18 +4803,18 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4837,24 +4829,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -4868,29 +4857,29 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -4906,77 +4895,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4984,17 +4943,17 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -5002,7 +4961,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5010,24 +4969,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -5041,48 +4997,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5090,16 +5035,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5123,31 +5068,44 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5155,16 +5113,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5187,7 +5145,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5229,20 +5187,20 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5250,16 +5208,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5283,48 +5241,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5347,7 +5318,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5400,20 +5371,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4111", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5421,18 +5392,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5440,58 +5411,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.028104999999999998 + "risk": 0.028499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/security/cve/CVE-2026-4111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", + "https://github.com/libarchive/libarchive/pull/2877" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5506,21 +5467,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2026-4111", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5534,37 +5495,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5572,75 +5533,81 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.028104999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5649,7 +5616,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5658,19 +5625,22 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -5688,22 +5658,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5713,97 +5672,2466 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" - }, + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, "advisories": [], - "risk": 0.027825000000000003 + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.11" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "a42b5da91e6fcde7", + "name": "fluent-bit", + "version": "25.10.11", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:ba6526ef04b3ea648e5f9dd34e9abca7cf61645ebd40a343a6e8a477b695523e", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.11", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027590000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "0215995764e9f654", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.8.3-10.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" + } + ], + "risk": 0.023175 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" + ], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-10.el9_7" + } + } + ], + "artifact": { + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.10.11" - } + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a42b5da91e6fcde7", - "name": "fluent-bit", - "version": "25.10.11", - "type": "binary", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:ba6526ef04b3ea648e5f9dd34e9abca7cf61645ebd40a343a6e8a477b695523e", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.11", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { @@ -5830,9 +8158,9 @@ "epss": [ { "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ @@ -5848,7 +8176,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.027804999999999996 + "risk": 0.023114999999999997 }, "relatedVulnerabilities": [ { @@ -5860,34 +8188,187 @@ "https://access.redhat.com/security/cve/CVE-2026-0988", "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -5895,7 +8376,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5903,21 +8384,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -5931,14 +8412,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5948,20 +8434,20 @@ }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5969,16 +8455,16 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -5988,47 +8474,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -6037,7 +8534,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6045,21 +8542,21 @@ "version": "9.7" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -6073,14 +8570,19 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6090,31 +8592,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6122,31 +8632,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6154,17 +8661,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6172,21 +8687,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0215995764e9f654", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -6200,25 +8715,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6228,31 +8732,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6260,31 +8772,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6292,10 +8801,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6310,21 +8827,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -6338,23 +8855,23 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "pcre2", + "version": "10.40-6.el9" } ], "metadataType": "RpmMetadata", @@ -6366,73 +8883,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6449,25 +8969,25 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6475,24 +8995,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6506,14 +9026,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6523,73 +9054,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6606,18 +9140,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6632,24 +9166,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6663,23 +9197,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -6691,100 +9225,100 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6792,7 +9326,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6800,24 +9334,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6831,29 +9362,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6863,100 +9379,86 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6964,7 +9466,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6972,24 +9474,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -7003,29 +9502,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7035,103 +9519,100 @@ }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.02314 + "advisories": [], + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7147,24 +9628,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-5918", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7178,128 +9656,156 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "1:3.5.1-7.el9_7" + "0:2.3.3-5.el9_7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" } ], - "risk": 0.02314 + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7307,24 +9813,24 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7338,67 +9844,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.5, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7406,60 +9901,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.5, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7474,21 +9962,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -7502,17 +9990,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -7524,39 +10018,39 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7564,67 +10058,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7632,21 +10127,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7660,19 +10155,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "BSD" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7682,20 +10172,20 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7703,18 +10193,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7722,47 +10212,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5, + "exploitabilityScore": 1.4, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7777,21 +10281,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7808,10 +10312,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7822,39 +10326,45 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -7862,54 +10372,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01239 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7917,21 +10434,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -7945,25 +10462,14 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7973,20 +10479,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7994,17 +10500,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -8013,47 +10519,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8069,21 +10579,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -8097,37 +10607,37 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8135,64 +10645,52 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -8200,18 +10698,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -8226,24 +10724,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -8257,129 +10752,136 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -8389,7 +10891,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8397,24 +10899,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -8428,25 +10927,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8456,39 +10944,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -8496,68 +10984,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01728 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8565,21 +11040,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "systemd", + "version": "252-55.el9_7.7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "e28c009b2c72d8a9", + "name": "systemd-libs", + "version": "252-55.el9_7.7", "type": "rpm", "locations": [ { @@ -8593,14 +11068,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.7" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8610,37 +11096,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8650,45 +11136,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014739999999999998 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8705,21 +11192,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -8733,13 +11220,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8750,100 +11237,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01449 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" - ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8859,21 +11346,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8887,13 +11377,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8904,139 +11394,108 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { "versions": [ - "0:2.3.3-5.el9_7" + "0:2.34-231.el9_7.10" ], "state": "fixed", "available": [ { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "risk": 0.013770000000000001 + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9044,24 +11503,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" }, "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -9075,14 +11534,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9092,92 +11562,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01363 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9193,21 +11671,24 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -9221,23 +11702,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -9249,100 +11734,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.013109999999999998 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9350,7 +11835,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9358,21 +11843,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -9386,14 +11874,29 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9403,20 +11906,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-70873", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-70873", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 3.3, + "exploitabilityScore": 1.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9424,17 +11927,17 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9443,60 +11946,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012759999999999999 + "risk": 0.009134999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-70873", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054", + "https://sqlite.org/forum/forumpost/761eac3c82", + "https://sqlite.org/src/info/3d459f1fb1bd1b5e" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], - "epss": [ - { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "epss": [ + { + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9504,7 +11994,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9512,21 +12002,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-70873", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "87ad778255840d3f", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -9540,14 +12030,25 @@ ], "language": "", "licenses": [ - "BSD" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9557,44 +12058,38 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9603,53 +12098,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0118 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9657,7 +12147,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9665,21 +12155,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9693,14 +12183,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9710,45 +12211,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -9756,40 +12251,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 3.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -9797,31 +12282,25 @@ ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9829,21 +12308,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9857,14 +12336,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9874,20 +12364,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.7, + "exploitabilityScore": 2.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -9895,17 +12385,17 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9914,46 +12404,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01008 + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9961,7 +12453,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9969,21 +12461,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", + "vulnerabilityID": "CVE-2026-3783", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -10000,11 +12492,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10014,100 +12517,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10115,7 +12606,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10123,24 +12614,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -10154,14 +12642,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10171,20 +12670,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10192,79 +12691,78 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.007425 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10272,7 +12770,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10280,24 +12778,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -10306,30 +12801,19 @@ "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" + } } ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10339,82 +12823,86 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10422,17 +12910,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10440,7 +12928,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10448,24 +12936,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10479,114 +12967,103 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10594,17 +13071,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10620,24 +13097,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10651,69 +13128,71 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10737,49 +13216,53 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0072250000000000005 + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10802,7 +13285,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", + "vulnerabilityID": "CVE-2025-11187", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -10844,37 +13327,43 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10898,49 +13387,53 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0072250000000000005 + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10963,7 +13456,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", + "vulnerabilityID": "CVE-2025-11187", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -11016,114 +13509,99 @@ }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.007214999999999999 + "advisories": [], + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11139,24 +13617,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-30258", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -11170,132 +13645,130 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.007214999999999999 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -11310,24 +13783,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "87ad778255840d3f", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -11341,66 +13811,72 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -11409,41 +13885,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.006899999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 3.3, + "exploitabilityScore": 1.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11451,17 +13930,23 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11483,7 +13968,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } @@ -11522,20 +14007,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11543,18 +14028,18 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ - { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -11562,52 +14047,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -11622,21 +14102,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -11650,108 +14130,127 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11759,7 +14258,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11767,21 +14266,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -11795,72 +14294,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ], @@ -11869,66 +14351,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ] @@ -11936,7 +14398,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11944,21 +14406,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87ad778255840d3f", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -11972,25 +14434,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12000,99 +14451,104 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.006875 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -12108,21 +14564,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12136,111 +14595,129 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12248,21 +14725,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12276,127 +14756,103 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" - ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -12412,21 +14868,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12440,37 +14896,37 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12478,18 +14934,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -12497,47 +14953,36 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" - ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -12552,21 +14997,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl-fips-provider", + "version": "0:3.0.7-8.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "3f743355082e9e4b", + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9", "type": "rpm", "locations": [ { @@ -12580,13 +15025,23 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12597,103 +15052,74 @@ }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0060999999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "namespace": "nvd:cpe", + "severity": "Unknown", + "urls": [ + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12702,7 +15128,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12710,24 +15136,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "039e508ce9d5da38", + "name": "openssl-fips-provider-so", + "version": "3.0.7-8.el9", "type": "rpm", "locations": [ { @@ -12741,120 +15164,110 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", + "upstreams": [ + { + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12877,11 +15290,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], @@ -12930,114 +15340,126 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 6.2, + "baseScore": 7.7, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2025-13601", + "epss": 0.00008, + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.005979999999999999 + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.00508 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + "https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/errata/RHSA-2026:2064", + "https://access.redhat.com/errata/RHSA-2026:2072", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", + "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2025-13601", + "epss": 0.00008, + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -13053,21 +15475,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -13081,13 +15506,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13098,125 +15523,106 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.68.4-18.el9_7.1" + "0:3.8.3-10.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" } ], - "risk": 0.00508 + "risk": 0.004899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/errata/RHSA-2026:1323", - "https://access.redhat.com/errata/RHSA-2026:1324", - "https://access.redhat.com/errata/RHSA-2026:1326", - "https://access.redhat.com/errata/RHSA-2026:1327", - "https://access.redhat.com/errata/RHSA-2026:1465", - "https://access.redhat.com/errata/RHSA-2026:1608", - "https://access.redhat.com/errata/RHSA-2026:1624", - "https://access.redhat.com/errata/RHSA-2026:1625", - "https://access.redhat.com/errata/RHSA-2026:1626", - "https://access.redhat.com/errata/RHSA-2026:1627", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/errata/RHSA-2026:1736", - "https://access.redhat.com/errata/RHSA-2026:2064", - "https://access.redhat.com/errata/RHSA-2026:2072", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2633", - "https://access.redhat.com/errata/RHSA-2026:2659", - "https://access.redhat.com/errata/RHSA-2026:2671", - "https://access.redhat.com/errata/RHSA-2026:2974", - "https://access.redhat.com/errata/RHSA-2026:3415", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -13233,24 +15639,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:3.8.3-10.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -13264,13 +15670,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13304,8 +15710,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13367,8 +15773,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13462,8 +15868,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13525,8 +15931,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13631,8 +16037,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13694,8 +16100,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13804,8 +16210,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13867,8 +16273,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13977,8 +16383,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -14037,8 +16443,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -14104,151 +16510,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00385 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -14274,8 +16535,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14323,8 +16584,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14426,8 +16687,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14475,8 +16736,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14578,8 +16839,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14648,8 +16909,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14748,8 +17009,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14818,8 +17079,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14918,8 +17179,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14988,8 +17249,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15088,8 +17349,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15158,8 +17419,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15258,8 +17519,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15321,8 +17582,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15416,8 +17677,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15479,8 +17740,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15585,8 +17846,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -15633,8 +17894,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -15725,8 +17986,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -15786,8 +18047,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -15878,8 +18139,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -15941,8 +18202,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -16033,8 +18294,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16099,8 +18360,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16194,8 +18455,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16260,8 +18521,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16348,7 +18609,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -16445,7 +18706,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -16941,107 +19202,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/agent/grype-25.10.11.md b/docs/security/agent/grype-25.10.11.md index 6efa336..fa55678 100644 --- a/docs/security/agent/grype-25.10.11.md +++ b/docs/security/agent/grype-25.10.11.md @@ -7,6 +7,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| libarchive | 3.5.3-6.el9_6 | [CVE-2026-4111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -15,19 +16,28 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | fluent-bit | 25.10.11 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.11 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | gnutls | 3.8.3-9.el9 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| systemd-libs | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | @@ -66,7 +76,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | @@ -76,6 +85,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -85,25 +95,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| sqlite-libs | 3.34.1-9.el9_7 | [CVE-2025-70873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-70873) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider | 3.0.7-8.el9 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider-so | 3.0.7-8.el9 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | diff --git a/docs/security/agent/grype-25.10.12.json b/docs/security/agent/grype-25.10.12.json index 9282a34..0c99b28 100644 --- a/docs/security/agent/grype-25.10.12.json +++ b/docs/security/agent/grype-25.10.12.json @@ -25,8 +25,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -93,8 +93,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -188,8 +188,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -256,8 +256,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -362,8 +362,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -441,8 +441,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -545,8 +545,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -590,8 +590,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -685,8 +685,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -730,8 +730,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -825,8 +825,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -891,8 +891,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -994,8 +994,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1060,8 +1060,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1163,8 +1163,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1219,8 +1219,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1311,8 +1311,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1384,8 +1384,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1487,8 +1487,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1560,8 +1560,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1663,8 +1663,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1712,8 +1712,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1804,8 +1804,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1853,8 +1853,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1956,8 +1956,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2016,8 +2016,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2108,8 +2108,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2157,8 +2157,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2249,8 +2249,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2315,8 +2315,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2410,8 +2410,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2476,8 +2476,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2582,8 +2582,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2649,8 +2649,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2747,8 +2747,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2822,8 +2822,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2920,8 +2920,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3016,8 +3016,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3120,8 +3120,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3174,8 +3174,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3272,8 +3272,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3320,8 +3320,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3412,8 +3412,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3478,8 +3478,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3573,8 +3573,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3639,8 +3639,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3748,8 +3748,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ @@ -3840,8 +3840,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -3906,8 +3906,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4001,8 +4001,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4067,8 +4067,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4173,8 +4173,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4223,8 +4223,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4315,8 +4315,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4363,8 +4363,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4432,39 +4432,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4472,28 +4472,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4501,25 +4501,25 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4527,21 +4527,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4558,11 +4558,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4572,38 +4583,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -4612,25 +4623,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031049999999999994 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 6.5, "exploitabilityScore": 2.9, @@ -4641,17 +4652,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4659,7 +4670,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4667,21 +4678,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4695,14 +4706,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4712,20 +4734,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4733,77 +4755,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4811,18 +4803,18 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4837,24 +4829,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -4868,29 +4857,29 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -4906,77 +4895,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4984,17 +4943,17 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -5002,7 +4961,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5010,24 +4969,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -5041,48 +4997,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5090,16 +5035,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5123,31 +5068,44 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5155,16 +5113,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5187,7 +5145,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5229,20 +5187,20 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5250,16 +5208,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5283,48 +5241,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5347,7 +5318,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5400,20 +5371,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4111", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5421,18 +5392,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5440,58 +5411,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.028104999999999998 + "risk": 0.028499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/security/cve/CVE-2026-4111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", + "https://github.com/libarchive/libarchive/pull/2877" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5506,21 +5467,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2026-4111", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5534,37 +5495,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5572,75 +5533,81 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.028104999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5649,7 +5616,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5658,19 +5625,22 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -5688,22 +5658,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5713,97 +5672,2466 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" - }, + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, "advisories": [], - "risk": 0.027825000000000003 + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.12" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "4a6dc1b111ad93ba", + "name": "fluent-bit", + "version": "25.10.12", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:e9c39397b6d0a90106a28d38666843c1f24cae96c8ab4e5c8bc7b267edef5ca8", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027590000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "0215995764e9f654", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.8.3-10.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" + } + ], + "risk": 0.023175 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" + ], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-10.el9_7" + } + } + ], + "artifact": { + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.10.12" - } + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4a6dc1b111ad93ba", - "name": "fluent-bit", - "version": "25.10.12", - "type": "binary", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:e9c39397b6d0a90106a28d38666843c1f24cae96c8ab4e5c8bc7b267edef5ca8", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.12", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { @@ -5830,9 +8158,9 @@ "epss": [ { "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ @@ -5848,7 +8176,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.027804999999999996 + "risk": 0.023114999999999997 }, "relatedVulnerabilities": [ { @@ -5860,34 +8188,187 @@ "https://access.redhat.com/security/cve/CVE-2026-0988", "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -5895,7 +8376,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5903,21 +8384,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -5931,14 +8412,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5948,20 +8434,20 @@ }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5969,16 +8455,16 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -5988,47 +8474,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -6037,7 +8534,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6045,21 +8542,21 @@ "version": "9.7" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -6073,14 +8570,19 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6090,31 +8592,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6122,31 +8632,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6154,17 +8661,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6172,21 +8687,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0215995764e9f654", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -6200,25 +8715,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6228,31 +8732,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6260,31 +8772,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6292,10 +8801,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6310,21 +8827,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -6338,23 +8855,23 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "pcre2", + "version": "10.40-6.el9" } ], "metadataType": "RpmMetadata", @@ -6366,73 +8883,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6449,25 +8969,25 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6475,24 +8995,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6506,14 +9026,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6523,73 +9054,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6606,18 +9140,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6632,24 +9166,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6663,23 +9197,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -6691,100 +9225,100 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6792,7 +9326,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6800,24 +9334,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6831,29 +9362,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6863,100 +9379,86 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6964,7 +9466,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6972,24 +9474,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -7003,29 +9502,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7035,103 +9519,100 @@ }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.02314 + "advisories": [], + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7147,24 +9628,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-5918", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7178,128 +9656,156 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "1:3.5.1-7.el9_7" + "0:2.3.3-5.el9_7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" } ], - "risk": 0.02314 + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7307,24 +9813,24 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7338,67 +9844,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.5, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7406,60 +9901,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.5, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7474,21 +9962,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -7502,17 +9990,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -7524,39 +10018,39 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7564,67 +10058,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7632,21 +10127,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7660,19 +10155,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "BSD" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7682,20 +10172,20 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7703,18 +10193,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7722,47 +10212,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5, + "exploitabilityScore": 1.4, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7777,21 +10281,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7808,10 +10312,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7822,39 +10326,45 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -7862,54 +10372,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01239 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7917,21 +10434,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -7945,25 +10462,14 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7973,20 +10479,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7994,17 +10500,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -8013,47 +10519,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8069,21 +10579,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -8097,37 +10607,37 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8135,64 +10645,52 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -8200,18 +10698,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -8226,24 +10724,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -8257,129 +10752,136 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -8389,7 +10891,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8397,24 +10899,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -8428,25 +10927,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8456,39 +10944,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -8496,68 +10984,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01728 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8565,21 +11040,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "systemd", + "version": "252-55.el9_7.7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "e28c009b2c72d8a9", + "name": "systemd-libs", + "version": "252-55.el9_7.7", "type": "rpm", "locations": [ { @@ -8593,14 +11068,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.7" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8610,37 +11096,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8650,45 +11136,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014739999999999998 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8705,21 +11192,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -8733,13 +11220,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8750,100 +11237,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01449 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" - ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8859,21 +11346,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8887,13 +11377,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8904,139 +11394,108 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { "versions": [ - "0:2.3.3-5.el9_7" + "0:2.34-231.el9_7.10" ], "state": "fixed", "available": [ { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "risk": 0.013770000000000001 + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9044,24 +11503,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" }, "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -9075,14 +11534,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9092,92 +11562,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01363 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9193,21 +11671,24 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -9221,23 +11702,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -9249,100 +11734,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.013109999999999998 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9350,7 +11835,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9358,21 +11843,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -9386,14 +11874,29 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9403,20 +11906,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-70873", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-70873", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 3.3, + "exploitabilityScore": 1.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9424,17 +11927,17 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9443,60 +11946,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012759999999999999 + "risk": 0.009134999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-70873", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054", + "https://sqlite.org/forum/forumpost/761eac3c82", + "https://sqlite.org/src/info/3d459f1fb1bd1b5e" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], - "epss": [ - { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "epss": [ + { + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9504,7 +11994,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9512,21 +12002,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-70873", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "87ad778255840d3f", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -9540,14 +12030,25 @@ ], "language": "", "licenses": [ - "BSD" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9557,44 +12058,38 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9603,53 +12098,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0118 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9657,7 +12147,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9665,21 +12155,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9693,14 +12183,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9710,45 +12211,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -9756,40 +12251,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 3.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -9797,31 +12282,25 @@ ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9829,21 +12308,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9857,14 +12336,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9874,20 +12364,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.7, + "exploitabilityScore": 2.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -9895,17 +12385,17 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9914,46 +12404,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01008 + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9961,7 +12453,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9969,21 +12461,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", + "vulnerabilityID": "CVE-2026-3783", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -10000,11 +12492,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10014,100 +12517,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10115,7 +12606,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10123,24 +12614,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -10154,14 +12642,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10171,20 +12670,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10192,79 +12691,78 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.007425 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10272,7 +12770,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10280,24 +12778,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -10306,30 +12801,19 @@ "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" + } } ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10339,82 +12823,86 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10422,17 +12910,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10440,7 +12928,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10448,24 +12936,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10479,114 +12967,103 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10594,17 +13071,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10620,24 +13097,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10651,69 +13128,71 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10737,49 +13216,53 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0072250000000000005 + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10802,7 +13285,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", + "vulnerabilityID": "CVE-2025-11187", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -10844,37 +13327,43 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10898,49 +13387,53 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0072250000000000005 + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10963,7 +13456,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", + "vulnerabilityID": "CVE-2025-11187", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -11016,114 +13509,99 @@ }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.007214999999999999 + "advisories": [], + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11139,24 +13617,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-30258", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -11170,132 +13645,130 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.007214999999999999 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -11310,24 +13783,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "87ad778255840d3f", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -11341,66 +13811,72 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -11409,41 +13885,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.006899999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 3.3, + "exploitabilityScore": 1.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11451,17 +13930,23 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11483,7 +13968,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } @@ -11522,20 +14007,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11543,18 +14028,18 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ - { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -11562,52 +14047,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -11622,21 +14102,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -11650,108 +14130,127 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11759,7 +14258,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11767,21 +14266,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -11795,72 +14294,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ], @@ -11869,66 +14351,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ] @@ -11936,7 +14398,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11944,21 +14406,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87ad778255840d3f", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -11972,25 +14434,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12000,99 +14451,104 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.006875 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -12108,21 +14564,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12136,111 +14595,129 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12248,21 +14725,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12276,127 +14756,103 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" - ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -12412,21 +14868,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12440,37 +14896,37 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12478,18 +14934,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -12497,47 +14953,36 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" - ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -12552,21 +14997,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl-fips-provider", + "version": "0:3.0.7-8.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "3f743355082e9e4b", + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9", "type": "rpm", "locations": [ { @@ -12580,13 +15025,23 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12597,103 +15052,74 @@ }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0060999999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "namespace": "nvd:cpe", + "severity": "Unknown", + "urls": [ + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12702,7 +15128,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12710,24 +15136,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "039e508ce9d5da38", + "name": "openssl-fips-provider-so", + "version": "3.0.7-8.el9", "type": "rpm", "locations": [ { @@ -12741,120 +15164,110 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", + "upstreams": [ + { + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12877,11 +15290,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], @@ -12930,114 +15340,126 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 6.2, + "baseScore": 7.7, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2025-13601", + "epss": 0.00008, + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.005979999999999999 + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.00508 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + "https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/errata/RHSA-2026:2064", + "https://access.redhat.com/errata/RHSA-2026:2072", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", + "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2025-13601", + "epss": 0.00008, + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -13053,21 +15475,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -13081,13 +15506,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13098,125 +15523,106 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.68.4-18.el9_7.1" + "0:3.8.3-10.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" } ], - "risk": 0.00508 + "risk": 0.004899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/errata/RHSA-2026:1323", - "https://access.redhat.com/errata/RHSA-2026:1324", - "https://access.redhat.com/errata/RHSA-2026:1326", - "https://access.redhat.com/errata/RHSA-2026:1327", - "https://access.redhat.com/errata/RHSA-2026:1465", - "https://access.redhat.com/errata/RHSA-2026:1608", - "https://access.redhat.com/errata/RHSA-2026:1624", - "https://access.redhat.com/errata/RHSA-2026:1625", - "https://access.redhat.com/errata/RHSA-2026:1626", - "https://access.redhat.com/errata/RHSA-2026:1627", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/errata/RHSA-2026:1736", - "https://access.redhat.com/errata/RHSA-2026:2064", - "https://access.redhat.com/errata/RHSA-2026:2072", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2633", - "https://access.redhat.com/errata/RHSA-2026:2659", - "https://access.redhat.com/errata/RHSA-2026:2671", - "https://access.redhat.com/errata/RHSA-2026:2974", - "https://access.redhat.com/errata/RHSA-2026:3415", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -13233,24 +15639,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:3.8.3-10.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -13264,13 +15670,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13304,8 +15710,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13367,8 +15773,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13462,8 +15868,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13525,8 +15931,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13631,8 +16037,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13694,8 +16100,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13804,8 +16210,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13867,8 +16273,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13977,8 +16383,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -14037,8 +16443,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -14104,151 +16510,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00385 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -14274,8 +16535,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14323,8 +16584,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14426,8 +16687,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14475,8 +16736,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14578,8 +16839,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14648,8 +16909,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14748,8 +17009,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14818,8 +17079,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14918,8 +17179,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14988,8 +17249,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15088,8 +17349,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15158,8 +17419,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15258,8 +17519,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15321,8 +17582,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15416,8 +17677,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15479,8 +17740,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15585,8 +17846,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -15633,8 +17894,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -15725,8 +17986,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -15786,8 +18047,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -15878,8 +18139,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -15941,8 +18202,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -16033,8 +18294,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16099,8 +18360,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16194,8 +18455,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16260,8 +18521,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16348,7 +18609,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -16445,7 +18706,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -16941,107 +19202,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/agent/grype-25.10.12.md b/docs/security/agent/grype-25.10.12.md index 34a7b2d..e56524b 100644 --- a/docs/security/agent/grype-25.10.12.md +++ b/docs/security/agent/grype-25.10.12.md @@ -7,6 +7,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| libarchive | 3.5.3-6.el9_6 | [CVE-2026-4111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -15,19 +16,28 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | fluent-bit | 25.10.12 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.12 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | gnutls | 3.8.3-9.el9 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| systemd-libs | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | @@ -66,7 +76,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | @@ -76,6 +85,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -85,25 +95,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| sqlite-libs | 3.34.1-9.el9_7 | [CVE-2025-70873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-70873) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider | 3.0.7-8.el9 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider-so | 3.0.7-8.el9 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | diff --git a/docs/security/agent/grype-25.10.2.json b/docs/security/agent/grype-25.10.2.json index 1ddb941..d10ff37 100644 --- a/docs/security/agent/grype-25.10.2.json +++ b/docs/security/agent/grype-25.10.2.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88933, - "date": "2026-03-09" + "percentile": 0.88983, + "date": "2026-03-16" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88933, - "date": "2026-03-09" + "percentile": 0.88983, + "date": "2026-03-16" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -257,8 +257,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -352,8 +352,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -420,8 +420,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -526,8 +526,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -605,8 +605,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -709,8 +709,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -754,8 +754,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -849,8 +849,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -894,8 +894,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -989,8 +989,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1055,8 +1055,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1158,8 +1158,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1224,8 +1224,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1327,8 +1327,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1383,8 +1383,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1475,8 +1475,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1548,8 +1548,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1651,8 +1651,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1724,8 +1724,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1876,8 +1876,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1968,8 +1968,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -2017,8 +2017,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -2120,8 +2120,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2180,8 +2180,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2272,8 +2272,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2321,8 +2321,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2413,8 +2413,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2479,8 +2479,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2574,8 +2574,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2640,8 +2640,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2746,8 +2746,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2813,8 +2813,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2911,8 +2911,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2986,8 +2986,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -3084,8 +3084,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3180,8 +3180,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3284,8 +3284,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00072, - "percentile": 0.21792, - "date": "2026-03-09" + "percentile": 0.21759, + "date": "2026-03-16" } ], "cwes": [ @@ -3361,8 +3361,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00072, - "percentile": 0.21792, - "date": "2026-03-09" + "percentile": 0.21759, + "date": "2026-03-16" } ], "cwes": [ @@ -3467,8 +3467,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3521,8 +3521,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3619,8 +3619,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3667,8 +3667,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3759,8 +3759,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3825,8 +3825,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3920,8 +3920,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3986,8 +3986,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -4095,8 +4095,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ @@ -4187,8 +4187,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4253,8 +4253,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4348,8 +4348,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4414,8 +4414,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4520,8 +4520,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4570,8 +4570,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4662,8 +4662,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4710,8 +4710,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4779,39 +4779,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4819,28 +4819,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4848,25 +4848,25 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4874,21 +4874,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -4905,11 +4905,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4919,38 +4930,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -4959,25 +4970,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031049999999999994 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 6.5, "exploitabilityScore": 2.9, @@ -4988,17 +4999,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -5006,7 +5017,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5014,21 +5025,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5042,14 +5053,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5059,20 +5081,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5080,77 +5102,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5158,18 +5150,18 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5184,24 +5176,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -5215,29 +5204,29 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -5253,77 +5242,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5331,17 +5290,17 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -5349,7 +5308,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5357,24 +5316,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -5388,48 +5344,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5437,16 +5382,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5470,31 +5415,44 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5502,16 +5460,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5534,7 +5492,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5576,20 +5534,20 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5597,16 +5555,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5630,48 +5588,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5694,7 +5665,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5747,20 +5718,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4111", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5768,18 +5739,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5787,58 +5758,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.028104999999999998 + "risk": 0.028499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/security/cve/CVE-2026-4111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", + "https://github.com/libarchive/libarchive/pull/2877" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5853,21 +5814,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2026-4111", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5881,37 +5842,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5919,75 +5880,81 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.028104999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5996,7 +5963,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6005,19 +5972,22 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -6035,22 +6005,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -6060,134 +6019,210 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.2" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "04d33236b6f59eb8", - "name": "fluent-bit", - "version": "25.10.2", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8c483867683f9ad70c236c20de2a124650edce5d21c042055b1b9377363db822", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.2", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -6195,47 +6230,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.027804999999999996 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6250,21 +6296,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6278,55 +6324,2197 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "04d33236b6f59eb8", + "name": "fluent-bit", + "version": "25.10.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8c483867683f9ad70c236c20de2a124650edce5d21c042055b1b9377363db822", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027590000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "0:2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.8.3-10.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" + } + ], + "risk": 0.023175 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" + ], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-10.el9_7" + } + } + ], + "artifact": { + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -6335,48 +8523,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.023114999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -6392,21 +8578,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2026-0988", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -6420,13 +8606,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6437,20 +8623,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6458,10 +8644,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6469,42 +8663,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6519,21 +8731,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -6547,23 +8759,17 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -6575,20 +8781,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6596,10 +8802,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6607,42 +8821,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6657,21 +8889,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -6685,23 +8917,17 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -6713,77 +8939,63 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -6796,18 +9008,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6822,24 +9034,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -6853,13 +9062,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6870,77 +9079,63 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -6953,18 +9148,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6979,24 +9174,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7010,23 +9202,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" } ], "metadataType": "RpmMetadata", @@ -7038,73 +9230,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -7121,18 +9316,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7147,24 +9342,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7178,27 +9373,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -7210,73 +9401,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -7293,18 +9487,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7319,24 +9513,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7350,27 +9544,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -7382,20 +9572,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7403,64 +9593,76 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-7.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02314 + "risk": 0.017945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7468,17 +9670,17 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7486,7 +9688,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7494,24 +9696,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -7525,120 +9727,128 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.02314 + "advisories": [], + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7646,7 +9856,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7654,24 +9864,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7685,135 +9892,145 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 + "risk": 0.01643 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7821,21 +10038,24 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7849,122 +10069,138 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02125 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7979,21 +10215,24 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -8007,42 +10246,48 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8050,18 +10295,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -8069,47 +10314,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -8124,21 +10369,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -8152,13 +10397,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8169,39 +10414,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -8209,54 +10454,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8264,21 +10523,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8295,22 +10554,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8320,88 +10568,132 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019055 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8416,21 +10708,24 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8444,13 +10739,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8461,104 +10756,93 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -8573,24 +10857,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -8604,23 +10885,23 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -8632,111 +10913,108 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8744,24 +11022,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8775,25 +11050,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8803,114 +11067,99 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.017945 + "advisories": [], + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8919,7 +11168,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8927,24 +11176,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2025-5917", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8958,25 +11204,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8986,38 +11221,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -9026,60 +11267,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01728 + "risk": 0.01239 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -9095,21 +11329,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -9123,13 +11357,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9140,20 +11374,20 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9161,17 +11395,17 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9180,46 +11414,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014739999999999998 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9235,21 +11474,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9263,55 +11502,55 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "secalert@redhat.com", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9320,60 +11559,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01449 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "secalert@redhat.com", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9381,7 +11611,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9389,21 +11619,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9417,147 +11647,137 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.013770000000000001 + "advisories": [], + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -9574,24 +11794,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -9605,13 +11822,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9622,39 +11839,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -9662,53 +11879,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -9723,21 +11935,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -9751,23 +11963,23 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "systemd", + "version": "252-51.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -9779,37 +11991,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9819,59 +12031,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9888,21 +12087,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -9916,13 +12115,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9933,20 +12132,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9954,79 +12153,79 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.012759999999999999 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10042,21 +12241,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10070,13 +12272,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10087,99 +12289,100 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0118 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10187,7 +12390,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10195,21 +12398,24 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, - "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10223,14 +12429,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10240,93 +12457,79 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.34-231.el9_7.10" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "risk": 0.011660000000000002 + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -10337,23 +12540,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10361,7 +12558,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10369,24 +12566,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10400,110 +12597,111 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.34-231.el9_7.10" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "risk": 0.011660000000000002 + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -10514,23 +12712,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10546,24 +12738,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10577,73 +12769,71 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-70873", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-70873", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, + "baseScore": 3.3, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10651,72 +12841,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.009134999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-70873", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054", + "https://sqlite.org/forum/forumpost/761eac3c82", + "https://sqlite.org/src/info/3d459f1fb1bd1b5e" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10724,21 +12897,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-70873", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -10752,14 +12925,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10769,20 +12953,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10790,17 +12974,17 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -10809,46 +12993,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01008 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10856,7 +13042,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10864,21 +13050,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -10895,11 +13081,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10909,100 +13106,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 6.5, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11010,7 +13195,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11018,24 +13203,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3784", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11049,14 +13231,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11066,100 +13259,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11175,24 +13356,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11206,23 +13384,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -11234,100 +13412,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11343,24 +13509,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11374,27 +13537,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -11406,100 +13565,99 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} } - ], - "epss": [ - { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] - }, - "advisories": [ + ], + "epss": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], - "risk": 0.009785 + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007425 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -11507,7 +13665,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11515,24 +13673,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11546,29 +13701,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11601,8 +13741,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11667,8 +13807,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11762,8 +13902,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11828,8 +13968,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11934,8 +14074,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12004,8 +14144,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12105,8 +14245,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12175,8 +14315,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12264,39 +14404,198 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007125000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + ], + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-30258", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -12304,67 +14603,74 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12372,21 +14678,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -12400,14 +14706,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12417,38 +14734,44 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -12457,51 +14780,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006899999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -12517,21 +14857,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -12545,37 +14885,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12583,18 +14923,18 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -12602,59 +14942,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12662,21 +14997,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -12690,148 +15025,135 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 4.7, + "baseScore": 5.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00693 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12839,21 +15161,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -12867,25 +15189,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "BSD" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12895,20 +15206,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12916,18 +15227,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -12935,41 +15246,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006875 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12977,18 +15275,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -13009,7 +15307,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -13048,87 +15346,105 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -13143,21 +15459,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13171,127 +15490,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.006695 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -13299,7 +15612,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13307,21 +15620,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13335,37 +15651,48 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13373,18 +15700,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -13392,47 +15719,36 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" - ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -13447,21 +15763,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13475,120 +15791,91 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -13605,24 +15892,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "0:3.0.7-6.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "ead6ec3a96c03e8e", + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5", "type": "rpm", "locations": [ { @@ -13639,117 +15923,98 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-6.el9_5?arch=x86_64&distro=rhel-9.6&upstream=openssl-fips-provider-3.0.7-6.el9_5.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -13766,24 +16031,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "7acafa332217c3b4", + "name": "openssl-fips-provider-so", + "version": "3.0.7-6.el9_5", "type": "rpm", "locations": [ { @@ -13800,69 +16062,71 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-6.el9_5?arch=x86_64&distro=rhel-9.6&upstream=openssl-fips-provider-3.0.7-6.el9_5.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } - ], - "cwes": [ - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, + ], + "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -13871,68 +16135,35 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" - ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -13940,7 +16171,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13948,21 +16179,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13976,17 +16207,28 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -14016,8 +16258,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ @@ -14104,8 +16346,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ @@ -14134,18 +16376,187 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00009, + "percentile": 0.0076, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.00504 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + ], + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00009, + "percentile": 0.0076, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -14159,13 +16570,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14176,112 +16587,107 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00009, - "percentile": 0.00768, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.9.13-14.el9_7" + "0:3.8.3-10.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" } ], - "risk": 0.00504 + "risk": 0.004899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00009, - "percentile": 0.00768, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14297,24 +16703,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "suggestedVersion": "0:3.8.3-10.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -14328,13 +16734,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14368,8 +16774,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14431,8 +16837,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14526,8 +16932,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14589,8 +16995,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14695,8 +17101,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14758,8 +17164,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14868,8 +17274,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14931,8 +17337,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -15041,8 +17447,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -15101,8 +17507,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -15168,151 +17574,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00385 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -15338,8 +17599,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15387,8 +17648,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15490,8 +17751,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15539,8 +17800,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15642,8 +17903,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15712,8 +17973,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15812,8 +18073,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15882,8 +18143,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15982,8 +18243,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16052,8 +18313,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16152,8 +18413,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16222,8 +18483,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16322,8 +18583,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16385,8 +18646,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16480,8 +18741,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16543,8 +18804,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16649,8 +18910,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -16697,8 +18958,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -16789,8 +19050,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16850,8 +19111,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16942,8 +19203,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -17005,8 +19266,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -17097,8 +19358,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17163,8 +19424,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17258,8 +19519,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17324,8 +19585,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17412,7 +19673,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -17509,7 +19770,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -18005,107 +20266,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/agent/grype-25.10.2.md b/docs/security/agent/grype-25.10.2.md index eaebcd0..ba60ff9 100644 --- a/docs/security/agent/grype-25.10.2.md +++ b/docs/security/agent/grype-25.10.2.md @@ -8,6 +8,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| libarchive | 3.5.3-6.el9_6 | [CVE-2026-4111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -16,22 +17,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | fluent-bit | 25.10.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | @@ -72,7 +82,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | @@ -82,6 +91,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -91,25 +101,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-70873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-70873) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider | 3.0.7-6.el9_5 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider-so | 3.0.7-6.el9_5 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | diff --git a/docs/security/agent/grype-25.10.3.json b/docs/security/agent/grype-25.10.3.json index 3e48cbd..99006fc 100644 --- a/docs/security/agent/grype-25.10.3.json +++ b/docs/security/agent/grype-25.10.3.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88933, - "date": "2026-03-09" + "percentile": 0.88983, + "date": "2026-03-16" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88933, - "date": "2026-03-09" + "percentile": 0.88983, + "date": "2026-03-16" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -257,8 +257,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -352,8 +352,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -420,8 +420,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -526,8 +526,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -605,8 +605,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -709,8 +709,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -754,8 +754,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -849,8 +849,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -894,8 +894,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -989,8 +989,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1055,8 +1055,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1158,8 +1158,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1224,8 +1224,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1327,8 +1327,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1383,8 +1383,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1475,8 +1475,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1548,8 +1548,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1651,8 +1651,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1724,8 +1724,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1876,8 +1876,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1968,8 +1968,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -2017,8 +2017,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -2120,8 +2120,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2180,8 +2180,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2272,8 +2272,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2321,8 +2321,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2413,8 +2413,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2479,8 +2479,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2574,8 +2574,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2640,8 +2640,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2746,8 +2746,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2813,8 +2813,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2911,8 +2911,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2986,8 +2986,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -3084,8 +3084,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3180,8 +3180,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3284,8 +3284,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00072, - "percentile": 0.21792, - "date": "2026-03-09" + "percentile": 0.21759, + "date": "2026-03-16" } ], "cwes": [ @@ -3361,8 +3361,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00072, - "percentile": 0.21792, - "date": "2026-03-09" + "percentile": 0.21759, + "date": "2026-03-16" } ], "cwes": [ @@ -3467,8 +3467,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3521,8 +3521,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3619,8 +3619,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3667,8 +3667,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3759,8 +3759,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3825,8 +3825,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3920,8 +3920,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3986,8 +3986,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -4095,8 +4095,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ @@ -4187,8 +4187,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4253,8 +4253,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4348,8 +4348,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4414,8 +4414,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4520,8 +4520,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4570,8 +4570,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4662,8 +4662,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4710,8 +4710,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4779,39 +4779,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4819,28 +4819,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4848,25 +4848,25 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4874,21 +4874,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -4905,11 +4905,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4919,38 +4930,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -4959,25 +4970,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031049999999999994 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 6.5, "exploitabilityScore": 2.9, @@ -4988,17 +4999,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -5006,7 +5017,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5014,21 +5025,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5042,14 +5053,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5059,20 +5081,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5080,77 +5102,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5158,18 +5150,18 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5184,24 +5176,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -5215,29 +5204,29 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -5253,77 +5242,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5331,17 +5290,17 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -5349,7 +5308,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5357,24 +5316,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -5388,48 +5344,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5437,16 +5382,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5470,31 +5415,44 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5502,16 +5460,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5534,7 +5492,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5576,20 +5534,20 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5597,16 +5555,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5630,48 +5588,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5694,7 +5665,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5747,20 +5718,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4111", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5768,18 +5739,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5787,58 +5758,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.028104999999999998 + "risk": 0.028499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/security/cve/CVE-2026-4111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", + "https://github.com/libarchive/libarchive/pull/2877" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5853,21 +5814,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2026-4111", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5881,37 +5842,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5919,75 +5880,81 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.028104999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5996,7 +5963,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6005,19 +5972,22 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -6035,22 +6005,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -6060,134 +6019,210 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.3" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "58605501f0a6c108", - "name": "fluent-bit", - "version": "25.10.3", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:26ca8b641aa20fd11cb012e21a8e06369a7711dcbe127d681973faaff87434a3", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.3", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -6195,47 +6230,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.027804999999999996 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6250,21 +6296,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6278,55 +6324,2197 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "58605501f0a6c108", + "name": "fluent-bit", + "version": "25.10.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:26ca8b641aa20fd11cb012e21a8e06369a7711dcbe127d681973faaff87434a3", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027590000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "0:2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.8.3-10.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" + } + ], + "risk": 0.023175 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" + ], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-10.el9_7" + } + } + ], + "artifact": { + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -6335,48 +8523,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.023114999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -6392,21 +8578,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2026-0988", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -6420,13 +8606,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6437,20 +8623,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6458,10 +8644,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6469,42 +8663,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6519,21 +8731,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -6547,23 +8759,17 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -6575,20 +8781,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6596,10 +8802,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6607,42 +8821,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6657,21 +8889,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -6685,23 +8917,17 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -6713,77 +8939,63 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -6796,18 +9008,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6822,24 +9034,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -6853,13 +9062,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6870,77 +9079,63 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -6953,18 +9148,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6979,24 +9174,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7010,23 +9202,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" } ], "metadataType": "RpmMetadata", @@ -7038,73 +9230,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -7121,18 +9316,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7147,24 +9342,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7178,27 +9373,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -7210,73 +9401,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -7293,18 +9487,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7319,24 +9513,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7350,27 +9544,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -7382,20 +9572,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7403,64 +9593,76 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-7.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02314 + "risk": 0.017945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7468,17 +9670,17 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7486,7 +9688,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7494,24 +9696,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -7525,120 +9727,128 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.02314 + "advisories": [], + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7646,7 +9856,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7654,24 +9864,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7685,135 +9892,145 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 + "risk": 0.01643 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7821,21 +10038,24 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7849,122 +10069,138 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02125 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7979,21 +10215,24 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -8007,42 +10246,48 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8050,18 +10295,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -8069,47 +10314,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -8124,21 +10369,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -8152,13 +10397,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8169,39 +10414,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -8209,54 +10454,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8264,21 +10523,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8295,22 +10554,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8320,88 +10568,132 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019055 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8416,21 +10708,24 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8444,13 +10739,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8461,104 +10756,93 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -8573,24 +10857,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -8604,23 +10885,23 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -8632,111 +10913,108 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8744,24 +11022,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8775,25 +11050,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8803,114 +11067,99 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.017945 + "advisories": [], + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8919,7 +11168,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8927,24 +11176,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2025-5917", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8958,25 +11204,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8986,38 +11221,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -9026,60 +11267,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01728 + "risk": 0.01239 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -9095,21 +11329,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -9123,13 +11357,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9140,20 +11374,20 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9161,17 +11395,17 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9180,46 +11414,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014739999999999998 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9235,21 +11474,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9263,55 +11502,55 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "secalert@redhat.com", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9320,60 +11559,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01449 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "secalert@redhat.com", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9381,7 +11611,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9389,21 +11619,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9417,147 +11647,137 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.013770000000000001 + "advisories": [], + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -9574,24 +11794,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -9605,13 +11822,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9622,39 +11839,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -9662,53 +11879,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -9723,21 +11935,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -9751,23 +11963,23 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "systemd", + "version": "252-51.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -9779,37 +11991,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9819,59 +12031,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9888,21 +12087,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -9916,13 +12115,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9933,20 +12132,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9954,79 +12153,79 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.012759999999999999 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10042,21 +12241,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10070,13 +12272,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10087,99 +12289,100 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0118 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10187,7 +12390,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10195,21 +12398,24 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, - "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10223,14 +12429,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10240,93 +12457,79 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.34-231.el9_7.10" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "risk": 0.011660000000000002 + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -10337,23 +12540,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10361,7 +12558,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10369,24 +12566,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10400,110 +12597,111 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.34-231.el9_7.10" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "risk": 0.011660000000000002 + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -10514,23 +12712,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10546,24 +12738,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10577,73 +12769,71 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-70873", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-70873", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, + "baseScore": 3.3, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10651,72 +12841,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.009134999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-70873", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054", + "https://sqlite.org/forum/forumpost/761eac3c82", + "https://sqlite.org/src/info/3d459f1fb1bd1b5e" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10724,21 +12897,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-70873", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -10752,14 +12925,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10769,20 +12953,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10790,17 +12974,17 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -10809,46 +12993,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01008 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10856,7 +13042,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10864,21 +13050,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -10895,11 +13081,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10909,100 +13106,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 6.5, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11010,7 +13195,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11018,24 +13203,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3784", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11049,14 +13231,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11066,100 +13259,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11175,24 +13356,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11206,23 +13384,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -11234,100 +13412,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11343,24 +13509,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11374,27 +13537,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -11406,100 +13565,99 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} } - ], - "epss": [ - { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] - }, - "advisories": [ + ], + "epss": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], - "risk": 0.009785 + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007425 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -11507,7 +13665,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11515,24 +13673,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11546,29 +13701,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11601,8 +13741,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11667,8 +13807,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11762,8 +13902,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11828,8 +13968,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11934,8 +14074,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12004,8 +14144,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12105,8 +14245,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12175,8 +14315,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12264,39 +14404,198 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007125000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + ], + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-30258", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -12304,67 +14603,74 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12372,21 +14678,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -12400,14 +14706,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12417,38 +14734,44 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -12457,51 +14780,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006899999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -12517,21 +14857,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -12545,37 +14885,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12583,18 +14923,18 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -12602,59 +14942,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12662,21 +14997,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -12690,148 +15025,135 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 4.7, + "baseScore": 5.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00693 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12839,21 +15161,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -12867,25 +15189,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "BSD" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12895,20 +15206,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12916,18 +15227,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -12935,41 +15246,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006875 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12977,18 +15275,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -13009,7 +15307,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -13048,87 +15346,105 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -13143,21 +15459,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13171,127 +15490,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.006695 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -13299,7 +15612,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13307,21 +15620,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13335,37 +15651,48 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13373,18 +15700,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -13392,47 +15719,36 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" - ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -13447,21 +15763,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13475,120 +15791,91 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -13605,24 +15892,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "0:3.0.7-6.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "ead6ec3a96c03e8e", + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5", "type": "rpm", "locations": [ { @@ -13639,117 +15923,98 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-6.el9_5?arch=x86_64&distro=rhel-9.6&upstream=openssl-fips-provider-3.0.7-6.el9_5.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -13766,24 +16031,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "7acafa332217c3b4", + "name": "openssl-fips-provider-so", + "version": "3.0.7-6.el9_5", "type": "rpm", "locations": [ { @@ -13800,69 +16062,71 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-6.el9_5?arch=x86_64&distro=rhel-9.6&upstream=openssl-fips-provider-3.0.7-6.el9_5.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } - ], - "cwes": [ - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, + ], + "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -13871,68 +16135,35 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" - ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -13940,7 +16171,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13948,21 +16179,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13976,17 +16207,28 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -14016,8 +16258,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ @@ -14104,8 +16346,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ @@ -14134,18 +16376,187 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00009, + "percentile": 0.0076, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.00504 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + ], + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00009, + "percentile": 0.0076, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -14159,13 +16570,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14176,112 +16587,107 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00009, - "percentile": 0.00768, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.9.13-14.el9_7" + "0:3.8.3-10.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" } ], - "risk": 0.00504 + "risk": 0.004899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00009, - "percentile": 0.00768, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14297,24 +16703,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "suggestedVersion": "0:3.8.3-10.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -14328,13 +16734,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14368,8 +16774,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14431,8 +16837,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14526,8 +16932,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14589,8 +16995,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14695,8 +17101,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14758,8 +17164,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14868,8 +17274,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14931,8 +17337,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -15041,8 +17447,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -15101,8 +17507,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -15168,151 +17574,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00385 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -15338,8 +17599,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15387,8 +17648,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15490,8 +17751,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15539,8 +17800,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15642,8 +17903,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15712,8 +17973,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15812,8 +18073,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15882,8 +18143,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15982,8 +18243,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16052,8 +18313,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16152,8 +18413,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16222,8 +18483,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16322,8 +18583,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16385,8 +18646,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16480,8 +18741,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16543,8 +18804,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16649,8 +18910,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -16697,8 +18958,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -16789,8 +19050,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16850,8 +19111,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16942,8 +19203,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -17005,8 +19266,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -17097,8 +19358,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17163,8 +19424,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17258,8 +19519,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17324,8 +19585,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17412,7 +19673,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -17509,7 +19770,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -18005,107 +20266,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/agent/grype-25.10.3.md b/docs/security/agent/grype-25.10.3.md index 77af1bb..588c4d1 100644 --- a/docs/security/agent/grype-25.10.3.md +++ b/docs/security/agent/grype-25.10.3.md @@ -8,6 +8,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| libarchive | 3.5.3-6.el9_6 | [CVE-2026-4111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -16,22 +17,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | fluent-bit | 25.10.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | @@ -72,7 +82,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | @@ -82,6 +91,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -91,25 +101,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-70873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-70873) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider | 3.0.7-6.el9_5 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider-so | 3.0.7-6.el9_5 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | diff --git a/docs/security/agent/grype-25.10.4.json b/docs/security/agent/grype-25.10.4.json index e4c900d..b9594b8 100644 --- a/docs/security/agent/grype-25.10.4.json +++ b/docs/security/agent/grype-25.10.4.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88933, - "date": "2026-03-09" + "percentile": 0.88983, + "date": "2026-03-16" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88933, - "date": "2026-03-09" + "percentile": 0.88983, + "date": "2026-03-16" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -257,8 +257,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -352,8 +352,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -420,8 +420,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -526,8 +526,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -605,8 +605,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -709,8 +709,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -754,8 +754,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -849,8 +849,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -894,8 +894,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -989,8 +989,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1055,8 +1055,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1158,8 +1158,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1224,8 +1224,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1327,8 +1327,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1383,8 +1383,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1475,8 +1475,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1548,8 +1548,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1651,8 +1651,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1724,8 +1724,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1876,8 +1876,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1968,8 +1968,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -2017,8 +2017,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -2120,8 +2120,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2180,8 +2180,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2272,8 +2272,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2321,8 +2321,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2413,8 +2413,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2479,8 +2479,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2574,8 +2574,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2640,8 +2640,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2746,8 +2746,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2813,8 +2813,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2911,8 +2911,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2986,8 +2986,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -3084,8 +3084,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3180,8 +3180,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3284,8 +3284,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00072, - "percentile": 0.21792, - "date": "2026-03-09" + "percentile": 0.21759, + "date": "2026-03-16" } ], "cwes": [ @@ -3361,8 +3361,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00072, - "percentile": 0.21792, - "date": "2026-03-09" + "percentile": 0.21759, + "date": "2026-03-16" } ], "cwes": [ @@ -3467,8 +3467,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3521,8 +3521,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3619,8 +3619,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3667,8 +3667,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3759,8 +3759,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3825,8 +3825,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3920,8 +3920,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3986,8 +3986,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -4095,8 +4095,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ @@ -4187,8 +4187,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4253,8 +4253,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4348,8 +4348,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4414,8 +4414,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4520,8 +4520,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4570,8 +4570,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4662,8 +4662,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4710,8 +4710,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4779,39 +4779,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4819,28 +4819,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4848,25 +4848,25 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4874,21 +4874,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -4905,11 +4905,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4919,38 +4930,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -4959,25 +4970,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031049999999999994 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 6.5, "exploitabilityScore": 2.9, @@ -4988,17 +4999,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -5006,7 +5017,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5014,21 +5025,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5042,14 +5053,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5059,20 +5081,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5080,77 +5102,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5158,18 +5150,18 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5184,24 +5176,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -5215,29 +5204,29 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -5253,77 +5242,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5331,17 +5290,17 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -5349,7 +5308,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5357,24 +5316,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -5388,48 +5344,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5437,16 +5382,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5470,31 +5415,44 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5502,16 +5460,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5534,7 +5492,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5576,20 +5534,20 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5597,16 +5555,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5630,48 +5588,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5694,7 +5665,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5747,20 +5718,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4111", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5768,18 +5739,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5787,58 +5758,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.028104999999999998 + "risk": 0.028499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/security/cve/CVE-2026-4111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", + "https://github.com/libarchive/libarchive/pull/2877" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5853,21 +5814,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2026-4111", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5881,37 +5842,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5919,75 +5880,81 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.028104999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5996,7 +5963,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6005,19 +5972,22 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -6035,22 +6005,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -6060,134 +6019,210 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.3" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "f3db967c04cd48f5", - "name": "fluent-bit", - "version": "25.10.3", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:a458a5beade65e6a02590d6280483f23809e8bfc9945d93409ec3b8d7a6f9a07", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.3", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -6195,47 +6230,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.027804999999999996 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6250,21 +6296,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6278,55 +6324,2197 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "f3db967c04cd48f5", + "name": "fluent-bit", + "version": "25.10.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:a458a5beade65e6a02590d6280483f23809e8bfc9945d93409ec3b8d7a6f9a07", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027590000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "0:2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.8.3-10.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" + } + ], + "risk": 0.023175 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" + ], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-10.el9_7" + } + } + ], + "artifact": { + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -6335,48 +8523,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.023114999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -6392,21 +8578,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2026-0988", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -6420,13 +8606,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6437,20 +8623,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6458,10 +8644,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6469,42 +8663,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6519,21 +8731,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -6547,23 +8759,17 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -6575,20 +8781,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6596,10 +8802,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6607,42 +8821,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6657,21 +8889,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -6685,23 +8917,17 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -6713,77 +8939,63 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -6796,18 +9008,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6822,24 +9034,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -6853,13 +9062,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6870,77 +9079,63 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -6953,18 +9148,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6979,24 +9174,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7010,23 +9202,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" } ], "metadataType": "RpmMetadata", @@ -7038,73 +9230,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -7121,18 +9316,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7147,24 +9342,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7178,27 +9373,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -7210,73 +9401,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -7293,18 +9487,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7319,24 +9513,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7350,27 +9544,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -7382,20 +9572,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7403,64 +9593,76 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-7.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02314 + "risk": 0.017945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7468,17 +9670,17 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7486,7 +9688,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7494,24 +9696,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -7525,120 +9727,128 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.02314 + "advisories": [], + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7646,7 +9856,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7654,24 +9864,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7685,135 +9892,145 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 + "risk": 0.01643 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7821,21 +10038,24 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7849,122 +10069,138 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02125 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7979,21 +10215,24 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -8007,42 +10246,48 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8050,18 +10295,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -8069,47 +10314,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -8124,21 +10369,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -8152,13 +10397,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8169,39 +10414,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -8209,54 +10454,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8264,21 +10523,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8295,22 +10554,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8320,88 +10568,132 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019055 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8416,21 +10708,24 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8444,13 +10739,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8461,104 +10756,93 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -8573,24 +10857,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -8604,23 +10885,23 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -8632,111 +10913,108 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8744,24 +11022,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8775,25 +11050,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8803,114 +11067,99 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.017945 + "advisories": [], + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8919,7 +11168,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8927,24 +11176,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2025-5917", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8958,25 +11204,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8986,38 +11221,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -9026,60 +11267,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01728 + "risk": 0.01239 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -9095,21 +11329,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -9123,13 +11357,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9140,20 +11374,20 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9161,17 +11395,17 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9180,46 +11414,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014739999999999998 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9235,21 +11474,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9263,55 +11502,55 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "secalert@redhat.com", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9320,60 +11559,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01449 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "secalert@redhat.com", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9381,7 +11611,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9389,21 +11619,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9417,147 +11647,137 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.013770000000000001 + "advisories": [], + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -9574,24 +11794,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -9605,13 +11822,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9622,39 +11839,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -9662,53 +11879,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -9723,21 +11935,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -9751,23 +11963,23 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "systemd", + "version": "252-51.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -9779,37 +11991,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9819,59 +12031,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9888,21 +12087,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -9916,13 +12115,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9933,20 +12132,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9954,79 +12153,79 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.012759999999999999 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10042,21 +12241,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10070,13 +12272,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10087,99 +12289,100 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0118 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10187,7 +12390,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10195,21 +12398,24 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, - "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10223,14 +12429,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10240,93 +12457,79 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.34-231.el9_7.10" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "risk": 0.011660000000000002 + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -10337,23 +12540,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10361,7 +12558,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10369,24 +12566,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10400,110 +12597,111 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.34-231.el9_7.10" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "risk": 0.011660000000000002 + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -10514,23 +12712,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10546,24 +12738,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10577,73 +12769,71 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-70873", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-70873", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, + "baseScore": 3.3, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10651,72 +12841,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.009134999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-70873", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054", + "https://sqlite.org/forum/forumpost/761eac3c82", + "https://sqlite.org/src/info/3d459f1fb1bd1b5e" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10724,21 +12897,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-70873", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -10752,14 +12925,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10769,20 +12953,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10790,17 +12974,17 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -10809,46 +12993,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01008 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10856,7 +13042,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10864,21 +13050,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -10895,11 +13081,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10909,100 +13106,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 6.5, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11010,7 +13195,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11018,24 +13203,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3784", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11049,14 +13231,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11066,100 +13259,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11175,24 +13356,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11206,23 +13384,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -11234,100 +13412,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11343,24 +13509,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11374,27 +13537,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -11406,100 +13565,99 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} } - ], - "epss": [ - { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] - }, - "advisories": [ + ], + "epss": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], - "risk": 0.009785 + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007425 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -11507,7 +13665,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11515,24 +13673,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11546,29 +13701,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11601,8 +13741,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11667,8 +13807,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11762,8 +13902,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11828,8 +13968,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11934,8 +14074,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12004,8 +14144,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12105,8 +14245,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12175,8 +14315,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12264,39 +14404,198 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007125000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + ], + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-30258", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -12304,67 +14603,74 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12372,21 +14678,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -12400,14 +14706,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12417,38 +14734,44 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -12457,51 +14780,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006899999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -12517,21 +14857,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -12545,37 +14885,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12583,18 +14923,18 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -12602,59 +14942,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12662,21 +14997,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -12690,148 +15025,135 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 4.7, + "baseScore": 5.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00693 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12839,21 +15161,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -12867,25 +15189,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "BSD" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12895,20 +15206,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12916,18 +15227,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -12935,41 +15246,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006875 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12977,18 +15275,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -13009,7 +15307,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -13048,87 +15346,105 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -13143,21 +15459,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13171,127 +15490,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.006695 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -13299,7 +15612,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13307,21 +15620,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13335,37 +15651,48 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13373,18 +15700,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -13392,47 +15719,36 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" - ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -13447,21 +15763,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13475,120 +15791,91 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -13605,24 +15892,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "0:3.0.7-6.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "ead6ec3a96c03e8e", + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5", "type": "rpm", "locations": [ { @@ -13639,117 +15923,98 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-6.el9_5?arch=x86_64&distro=rhel-9.6&upstream=openssl-fips-provider-3.0.7-6.el9_5.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -13766,24 +16031,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "7acafa332217c3b4", + "name": "openssl-fips-provider-so", + "version": "3.0.7-6.el9_5", "type": "rpm", "locations": [ { @@ -13800,69 +16062,71 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-6.el9_5?arch=x86_64&distro=rhel-9.6&upstream=openssl-fips-provider-3.0.7-6.el9_5.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } - ], - "cwes": [ - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, + ], + "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -13871,68 +16135,35 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" - ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -13940,7 +16171,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13948,21 +16179,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13976,17 +16207,28 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -14016,8 +16258,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ @@ -14104,8 +16346,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ @@ -14134,18 +16376,187 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00009, + "percentile": 0.0076, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.00504 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + ], + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00009, + "percentile": 0.0076, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -14159,13 +16570,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14176,112 +16587,107 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00009, - "percentile": 0.00768, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.9.13-14.el9_7" + "0:3.8.3-10.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" } ], - "risk": 0.00504 + "risk": 0.004899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00009, - "percentile": 0.00768, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14297,24 +16703,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "suggestedVersion": "0:3.8.3-10.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -14328,13 +16734,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14368,8 +16774,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14431,8 +16837,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14526,8 +16932,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14589,8 +16995,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14695,8 +17101,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14758,8 +17164,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14868,8 +17274,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14931,8 +17337,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -15041,8 +17447,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -15101,8 +17507,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -15168,151 +17574,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00385 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -15338,8 +17599,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15387,8 +17648,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15490,8 +17751,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15539,8 +17800,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15642,8 +17903,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15712,8 +17973,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15812,8 +18073,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15882,8 +18143,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15982,8 +18243,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16052,8 +18313,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16152,8 +18413,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16222,8 +18483,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16322,8 +18583,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16385,8 +18646,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16480,8 +18741,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16543,8 +18804,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16649,8 +18910,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -16697,8 +18958,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -16789,8 +19050,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16850,8 +19111,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16942,8 +19203,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -17005,8 +19266,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -17097,8 +19358,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17163,8 +19424,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17258,8 +19519,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17324,8 +19585,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17412,7 +19673,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -17509,7 +19770,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -18005,107 +20266,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/agent/grype-25.10.4.md b/docs/security/agent/grype-25.10.4.md index b3dec4f..e5ed44d 100644 --- a/docs/security/agent/grype-25.10.4.md +++ b/docs/security/agent/grype-25.10.4.md @@ -8,6 +8,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| libarchive | 3.5.3-6.el9_6 | [CVE-2026-4111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -16,22 +17,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | fluent-bit | 25.10.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | @@ -72,7 +82,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | @@ -82,6 +91,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -91,25 +101,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-70873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-70873) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider | 3.0.7-6.el9_5 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider-so | 3.0.7-6.el9_5 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | diff --git a/docs/security/agent/grype-25.10.5.json b/docs/security/agent/grype-25.10.5.json index e6707d6..1eee8e6 100644 --- a/docs/security/agent/grype-25.10.5.json +++ b/docs/security/agent/grype-25.10.5.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88933, - "date": "2026-03-09" + "percentile": 0.88983, + "date": "2026-03-16" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88933, - "date": "2026-03-09" + "percentile": 0.88983, + "date": "2026-03-16" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -257,8 +257,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -352,8 +352,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -420,8 +420,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -526,8 +526,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -605,8 +605,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -709,8 +709,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -754,8 +754,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -849,8 +849,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -894,8 +894,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -989,8 +989,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1055,8 +1055,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1158,8 +1158,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1224,8 +1224,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1327,8 +1327,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1383,8 +1383,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1475,8 +1475,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1548,8 +1548,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1651,8 +1651,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1724,8 +1724,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1876,8 +1876,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1968,8 +1968,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -2017,8 +2017,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -2120,8 +2120,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2180,8 +2180,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2272,8 +2272,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2321,8 +2321,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2413,8 +2413,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2479,8 +2479,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2574,8 +2574,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2640,8 +2640,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2746,8 +2746,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2813,8 +2813,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2911,8 +2911,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2986,8 +2986,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -3084,8 +3084,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3180,8 +3180,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3284,8 +3284,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00072, - "percentile": 0.21792, - "date": "2026-03-09" + "percentile": 0.21759, + "date": "2026-03-16" } ], "cwes": [ @@ -3361,8 +3361,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00072, - "percentile": 0.21792, - "date": "2026-03-09" + "percentile": 0.21759, + "date": "2026-03-16" } ], "cwes": [ @@ -3467,8 +3467,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3521,8 +3521,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3619,8 +3619,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3667,8 +3667,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3759,8 +3759,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3825,8 +3825,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3920,8 +3920,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3986,8 +3986,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -4095,8 +4095,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ @@ -4187,8 +4187,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4253,8 +4253,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4348,8 +4348,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4414,8 +4414,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4520,8 +4520,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4570,8 +4570,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4662,8 +4662,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4710,8 +4710,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4779,39 +4779,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4819,28 +4819,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4848,25 +4848,25 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4874,21 +4874,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -4905,11 +4905,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4919,38 +4930,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -4959,25 +4970,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031049999999999994 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 6.5, "exploitabilityScore": 2.9, @@ -4988,17 +4999,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -5006,7 +5017,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5014,21 +5025,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5042,14 +5053,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5059,20 +5081,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5080,77 +5102,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5158,18 +5150,18 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5184,24 +5176,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -5215,29 +5204,29 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -5253,77 +5242,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5331,17 +5290,17 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -5349,7 +5308,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5357,24 +5316,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -5388,48 +5344,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5437,16 +5382,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5470,31 +5415,44 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5502,16 +5460,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5534,7 +5492,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5576,20 +5534,20 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5597,16 +5555,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5630,48 +5588,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5694,7 +5665,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5747,20 +5718,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4111", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5768,18 +5739,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5787,58 +5758,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.028104999999999998 + "risk": 0.028499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/security/cve/CVE-2026-4111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", + "https://github.com/libarchive/libarchive/pull/2877" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5853,21 +5814,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2026-4111", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5881,37 +5842,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5919,75 +5880,81 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.028104999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5996,7 +5963,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6005,19 +5972,22 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -6035,22 +6005,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -6060,134 +6019,210 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.4" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "41ad758bbe058560", - "name": "fluent-bit", - "version": "25.10.4", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:9f3bf4dd6d390f15054d24b5455118bf68fc39b3d8d24a64e8b5c7adb864790e", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.4", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -6195,47 +6230,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.027804999999999996 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6250,21 +6296,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6278,55 +6324,2197 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.4" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "41ad758bbe058560", + "name": "fluent-bit", + "version": "25.10.4", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:9f3bf4dd6d390f15054d24b5455118bf68fc39b3d8d24a64e8b5c7adb864790e", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.4", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027590000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "0:2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.8.3-10.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" + } + ], + "risk": 0.023175 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" + ], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-10.el9_7" + } + } + ], + "artifact": { + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -6335,48 +8523,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.023114999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -6392,21 +8578,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2026-0988", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -6420,13 +8606,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6437,20 +8623,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6458,10 +8644,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6469,42 +8663,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6519,21 +8731,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -6547,23 +8759,17 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -6575,20 +8781,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6596,10 +8802,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6607,42 +8821,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6657,21 +8889,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -6685,23 +8917,17 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -6713,77 +8939,63 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -6796,18 +9008,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6822,24 +9034,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -6853,13 +9062,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6870,77 +9079,63 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -6953,18 +9148,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6979,24 +9174,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7010,23 +9202,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" } ], "metadataType": "RpmMetadata", @@ -7038,73 +9230,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -7121,18 +9316,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7147,24 +9342,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7178,27 +9373,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -7210,73 +9401,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -7293,18 +9487,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7319,24 +9513,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7350,27 +9544,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -7382,20 +9572,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7403,64 +9593,76 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-7.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02314 + "risk": 0.017945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7468,17 +9670,17 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7486,7 +9688,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7494,24 +9696,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -7525,120 +9727,128 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.02314 + "advisories": [], + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7646,7 +9856,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7654,24 +9864,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7685,135 +9892,145 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 + "risk": 0.01643 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7821,21 +10038,24 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7849,122 +10069,138 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02125 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7979,21 +10215,24 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -8007,42 +10246,48 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8050,18 +10295,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -8069,47 +10314,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -8124,21 +10369,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -8152,13 +10397,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8169,39 +10414,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -8209,54 +10454,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8264,21 +10523,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8295,22 +10554,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8320,88 +10568,132 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019055 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8416,21 +10708,24 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8444,13 +10739,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8461,104 +10756,93 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -8573,24 +10857,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -8604,23 +10885,23 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -8632,111 +10913,108 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8744,24 +11022,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8775,25 +11050,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8803,114 +11067,99 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.017945 + "advisories": [], + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8919,7 +11168,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8927,24 +11176,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2025-5917", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8958,25 +11204,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8986,38 +11221,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -9026,60 +11267,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01728 + "risk": 0.01239 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -9095,21 +11329,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -9123,13 +11357,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9140,20 +11374,20 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9161,17 +11395,17 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9180,46 +11414,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014739999999999998 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9235,21 +11474,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9263,55 +11502,55 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "secalert@redhat.com", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9320,60 +11559,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01449 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "secalert@redhat.com", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9381,7 +11611,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9389,21 +11619,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9417,147 +11647,137 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.013770000000000001 + "advisories": [], + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -9574,24 +11794,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -9605,13 +11822,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9622,39 +11839,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -9662,53 +11879,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -9723,21 +11935,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -9751,23 +11963,23 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "systemd", + "version": "252-51.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -9779,37 +11991,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9819,59 +12031,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9888,21 +12087,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -9916,13 +12115,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9933,20 +12132,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9954,79 +12153,79 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.012759999999999999 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10042,21 +12241,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10070,13 +12272,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10087,99 +12289,100 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0118 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10187,7 +12390,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10195,21 +12398,24 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, - "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10223,14 +12429,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10240,93 +12457,79 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.34-231.el9_7.10" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "risk": 0.011660000000000002 + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -10337,23 +12540,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10361,7 +12558,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10369,24 +12566,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10400,110 +12597,111 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.34-231.el9_7.10" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "risk": 0.011660000000000002 + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -10514,23 +12712,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10546,24 +12738,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10577,73 +12769,71 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-70873", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-70873", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, + "baseScore": 3.3, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10651,72 +12841,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.009134999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-70873", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054", + "https://sqlite.org/forum/forumpost/761eac3c82", + "https://sqlite.org/src/info/3d459f1fb1bd1b5e" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10724,21 +12897,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-70873", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -10752,14 +12925,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10769,20 +12953,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10790,17 +12974,17 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -10809,46 +12993,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01008 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10856,7 +13042,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10864,21 +13050,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -10895,11 +13081,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10909,100 +13106,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 6.5, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11010,7 +13195,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11018,24 +13203,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3784", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11049,14 +13231,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11066,100 +13259,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11175,24 +13356,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11206,23 +13384,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -11234,100 +13412,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11343,24 +13509,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11374,27 +13537,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -11406,100 +13565,99 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} } - ], - "epss": [ - { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] - }, - "advisories": [ + ], + "epss": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], - "risk": 0.009785 + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007425 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -11507,7 +13665,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11515,24 +13673,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11546,29 +13701,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11601,8 +13741,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11667,8 +13807,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11762,8 +13902,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11828,8 +13968,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11934,8 +14074,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12004,8 +14144,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12105,8 +14245,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12175,8 +14315,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12264,39 +14404,198 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007125000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + ], + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-30258", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -12304,67 +14603,74 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12372,21 +14678,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -12400,14 +14706,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12417,38 +14734,44 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -12457,51 +14780,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006899999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -12517,21 +14857,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -12545,37 +14885,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12583,18 +14923,18 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -12602,59 +14942,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12662,21 +14997,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -12690,148 +15025,135 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 4.7, + "baseScore": 5.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00693 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12839,21 +15161,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -12867,25 +15189,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "BSD" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12895,20 +15206,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12916,18 +15227,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -12935,41 +15246,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006875 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12977,18 +15275,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -13009,7 +15307,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -13048,87 +15346,105 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -13143,21 +15459,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13171,127 +15490,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.006695 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -13299,7 +15612,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13307,21 +15620,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13335,37 +15651,48 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13373,18 +15700,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -13392,47 +15719,36 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" - ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -13447,21 +15763,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13475,120 +15791,91 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -13605,24 +15892,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "0:3.0.7-6.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "ead6ec3a96c03e8e", + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5", "type": "rpm", "locations": [ { @@ -13639,117 +15923,98 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-6.el9_5?arch=x86_64&distro=rhel-9.6&upstream=openssl-fips-provider-3.0.7-6.el9_5.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -13766,24 +16031,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "7acafa332217c3b4", + "name": "openssl-fips-provider-so", + "version": "3.0.7-6.el9_5", "type": "rpm", "locations": [ { @@ -13800,69 +16062,71 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-6.el9_5?arch=x86_64&distro=rhel-9.6&upstream=openssl-fips-provider-3.0.7-6.el9_5.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } - ], - "cwes": [ - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, + ], + "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -13871,68 +16135,35 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" - ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -13940,7 +16171,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13948,21 +16179,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13976,17 +16207,28 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -14016,8 +16258,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ @@ -14104,8 +16346,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ @@ -14134,18 +16376,187 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00009, + "percentile": 0.0076, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.00504 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + ], + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00009, + "percentile": 0.0076, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -14159,13 +16570,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14176,112 +16587,107 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00009, - "percentile": 0.00768, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.9.13-14.el9_7" + "0:3.8.3-10.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" } ], - "risk": 0.00504 + "risk": 0.004899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00009, - "percentile": 0.00768, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14297,24 +16703,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "suggestedVersion": "0:3.8.3-10.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -14328,13 +16734,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14368,8 +16774,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14431,8 +16837,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14526,8 +16932,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14589,8 +16995,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14695,8 +17101,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14758,8 +17164,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14868,8 +17274,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14931,8 +17337,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -15041,8 +17447,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -15101,8 +17507,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -15168,151 +17574,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00385 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -15338,8 +17599,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15387,8 +17648,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15490,8 +17751,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15539,8 +17800,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15642,8 +17903,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15712,8 +17973,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15812,8 +18073,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15882,8 +18143,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15982,8 +18243,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16052,8 +18313,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16152,8 +18413,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16222,8 +18483,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16322,8 +18583,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16385,8 +18646,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16480,8 +18741,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16543,8 +18804,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16649,8 +18910,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -16697,8 +18958,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -16789,8 +19050,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16850,8 +19111,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16942,8 +19203,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -17005,8 +19266,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -17097,8 +19358,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17163,8 +19424,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17258,8 +19519,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17324,8 +19585,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17412,7 +19673,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -17509,7 +19770,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -18005,107 +20266,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/agent/grype-25.10.5.md b/docs/security/agent/grype-25.10.5.md index d2d1f9e..31c9f27 100644 --- a/docs/security/agent/grype-25.10.5.md +++ b/docs/security/agent/grype-25.10.5.md @@ -8,6 +8,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| libarchive | 3.5.3-6.el9_6 | [CVE-2026-4111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -16,22 +17,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | fluent-bit | 25.10.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | @@ -72,7 +82,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | @@ -82,6 +91,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -91,25 +101,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-70873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-70873) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider | 3.0.7-6.el9_5 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider-so | 3.0.7-6.el9_5 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | diff --git a/docs/security/agent/grype-25.10.6.json b/docs/security/agent/grype-25.10.6.json index def96b1..b8faeb9 100644 --- a/docs/security/agent/grype-25.10.6.json +++ b/docs/security/agent/grype-25.10.6.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88933, - "date": "2026-03-09" + "percentile": 0.88983, + "date": "2026-03-16" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88933, - "date": "2026-03-09" + "percentile": 0.88983, + "date": "2026-03-16" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -257,8 +257,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -352,8 +352,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -420,8 +420,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -526,8 +526,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -605,8 +605,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -709,8 +709,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -754,8 +754,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -849,8 +849,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -894,8 +894,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -989,8 +989,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1055,8 +1055,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1158,8 +1158,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1224,8 +1224,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1327,8 +1327,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1383,8 +1383,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1475,8 +1475,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1548,8 +1548,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1651,8 +1651,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1724,8 +1724,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1876,8 +1876,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1968,8 +1968,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -2017,8 +2017,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -2120,8 +2120,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2180,8 +2180,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2272,8 +2272,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2321,8 +2321,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2413,8 +2413,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2479,8 +2479,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2574,8 +2574,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2640,8 +2640,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2746,8 +2746,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2813,8 +2813,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2911,8 +2911,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2986,8 +2986,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -3084,8 +3084,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3180,8 +3180,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3284,8 +3284,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00072, - "percentile": 0.21792, - "date": "2026-03-09" + "percentile": 0.21759, + "date": "2026-03-16" } ], "cwes": [ @@ -3361,8 +3361,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00072, - "percentile": 0.21792, - "date": "2026-03-09" + "percentile": 0.21759, + "date": "2026-03-16" } ], "cwes": [ @@ -3467,8 +3467,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3521,8 +3521,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3619,8 +3619,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3667,8 +3667,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3759,8 +3759,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3825,8 +3825,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3920,8 +3920,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3986,8 +3986,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -4095,8 +4095,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ @@ -4187,8 +4187,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4253,8 +4253,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4348,8 +4348,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4414,8 +4414,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4520,8 +4520,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4570,8 +4570,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4662,8 +4662,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4710,8 +4710,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4779,39 +4779,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4819,28 +4819,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4848,25 +4848,25 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4874,21 +4874,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -4905,11 +4905,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4919,38 +4930,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -4959,25 +4970,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031049999999999994 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 6.5, "exploitabilityScore": 2.9, @@ -4988,17 +4999,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -5006,7 +5017,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5014,21 +5025,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5042,14 +5053,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5059,20 +5081,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5080,77 +5102,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5158,18 +5150,18 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5184,24 +5176,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -5215,29 +5204,29 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -5253,77 +5242,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5331,17 +5290,17 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -5349,7 +5308,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5357,24 +5316,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -5388,48 +5344,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5437,16 +5382,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5470,31 +5415,44 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5502,16 +5460,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5534,7 +5492,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5576,20 +5534,20 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5597,16 +5555,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5630,48 +5588,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5694,7 +5665,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5747,20 +5718,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4111", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5768,18 +5739,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5787,58 +5758,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.028104999999999998 + "risk": 0.028499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/security/cve/CVE-2026-4111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", + "https://github.com/libarchive/libarchive/pull/2877" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5853,21 +5814,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2026-4111", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5881,37 +5842,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5919,75 +5880,81 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.028104999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5996,7 +5963,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6005,19 +5972,22 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -6035,22 +6005,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -6060,134 +6019,210 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.6" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7c565ae309ebd658", - "name": "fluent-bit", - "version": "25.10.6", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:974b8485f82115470b4a8342289bdb351f7fef0163cf0e9645c8ec59b03f8d2b", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.6", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -6195,47 +6230,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.027804999999999996 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6250,21 +6296,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6278,55 +6324,2197 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.6" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "7c565ae309ebd658", + "name": "fluent-bit", + "version": "25.10.6", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:974b8485f82115470b4a8342289bdb351f7fef0163cf0e9645c8ec59b03f8d2b", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.6", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027590000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "0:2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.8.3-10.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" + } + ], + "risk": 0.023175 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" + ], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-10.el9_7" + } + } + ], + "artifact": { + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -6335,48 +8523,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.023114999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -6392,21 +8578,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2026-0988", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -6420,13 +8606,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6437,20 +8623,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6458,10 +8644,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6469,42 +8663,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6519,21 +8731,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -6547,23 +8759,17 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -6575,20 +8781,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6596,10 +8802,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6607,42 +8821,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6657,21 +8889,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -6685,23 +8917,17 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -6713,77 +8939,63 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -6796,18 +9008,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6822,24 +9034,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -6853,13 +9062,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6870,77 +9079,63 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -6953,18 +9148,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6979,24 +9174,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7010,23 +9202,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" } ], "metadataType": "RpmMetadata", @@ -7038,73 +9230,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -7121,18 +9316,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7147,24 +9342,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7178,27 +9373,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -7210,73 +9401,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -7293,18 +9487,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7319,24 +9513,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7350,27 +9544,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -7382,20 +9572,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7403,64 +9593,76 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-7.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02314 + "risk": 0.017945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7468,17 +9670,17 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7486,7 +9688,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7494,24 +9696,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -7525,120 +9727,128 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.02314 + "advisories": [], + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7646,7 +9856,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7654,24 +9864,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7685,135 +9892,145 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 + "risk": 0.01643 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7821,21 +10038,24 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7849,122 +10069,138 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02125 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7979,21 +10215,24 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -8007,42 +10246,48 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8050,18 +10295,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -8069,47 +10314,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -8124,21 +10369,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -8152,13 +10397,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8169,39 +10414,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -8209,54 +10454,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8264,21 +10523,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8295,22 +10554,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8320,88 +10568,132 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019055 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8416,21 +10708,24 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8444,13 +10739,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8461,104 +10756,93 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -8573,24 +10857,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -8604,23 +10885,23 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -8632,111 +10913,108 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8744,24 +11022,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8775,25 +11050,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8803,114 +11067,99 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.017945 + "advisories": [], + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8919,7 +11168,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8927,24 +11176,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2025-5917", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8958,25 +11204,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8986,38 +11221,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -9026,60 +11267,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01728 + "risk": 0.01239 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -9095,21 +11329,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -9123,13 +11357,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9140,20 +11374,20 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9161,17 +11395,17 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9180,46 +11414,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014739999999999998 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9235,21 +11474,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9263,55 +11502,55 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "secalert@redhat.com", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9320,60 +11559,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01449 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "secalert@redhat.com", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9381,7 +11611,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9389,21 +11619,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9417,147 +11647,137 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.013770000000000001 + "advisories": [], + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -9574,24 +11794,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -9605,13 +11822,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9622,39 +11839,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -9662,53 +11879,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -9723,21 +11935,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -9751,23 +11963,23 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "systemd", + "version": "252-51.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -9779,37 +11991,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9819,59 +12031,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9888,21 +12087,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -9916,13 +12115,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9933,20 +12132,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9954,79 +12153,79 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.012759999999999999 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10042,21 +12241,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10070,13 +12272,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10087,99 +12289,100 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0118 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10187,7 +12390,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10195,21 +12398,24 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, - "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10223,14 +12429,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10240,93 +12457,79 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.34-231.el9_7.10" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "risk": 0.011660000000000002 + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -10337,23 +12540,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10361,7 +12558,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10369,24 +12566,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10400,110 +12597,111 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.34-231.el9_7.10" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "risk": 0.011660000000000002 + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -10514,23 +12712,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10546,24 +12738,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10577,73 +12769,71 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-70873", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-70873", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, + "baseScore": 3.3, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10651,72 +12841,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.009134999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-70873", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054", + "https://sqlite.org/forum/forumpost/761eac3c82", + "https://sqlite.org/src/info/3d459f1fb1bd1b5e" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10724,21 +12897,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-70873", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -10752,14 +12925,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10769,20 +12953,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10790,17 +12974,17 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -10809,46 +12993,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01008 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10856,7 +13042,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10864,21 +13050,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -10895,11 +13081,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10909,100 +13106,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 6.5, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11010,7 +13195,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11018,24 +13203,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3784", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11049,14 +13231,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11066,100 +13259,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11175,24 +13356,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11206,23 +13384,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -11234,100 +13412,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11343,24 +13509,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11374,27 +13537,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -11406,100 +13565,99 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} } - ], - "epss": [ - { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] - }, - "advisories": [ + ], + "epss": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], - "risk": 0.009785 + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007425 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -11507,7 +13665,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11515,24 +13673,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11546,29 +13701,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11601,8 +13741,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11667,8 +13807,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11762,8 +13902,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11828,8 +13968,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11934,8 +14074,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12004,8 +14144,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12105,8 +14245,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12175,8 +14315,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12264,39 +14404,198 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007125000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + ], + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-30258", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -12304,67 +14603,74 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12372,21 +14678,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -12400,14 +14706,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12417,38 +14734,44 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -12457,51 +14780,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006899999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -12517,21 +14857,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -12545,37 +14885,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12583,18 +14923,18 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -12602,59 +14942,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12662,21 +14997,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -12690,148 +15025,135 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 4.7, + "baseScore": 5.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00693 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12839,21 +15161,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -12867,25 +15189,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "BSD" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12895,20 +15206,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12916,18 +15227,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -12935,41 +15246,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006875 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12977,18 +15275,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -13009,7 +15307,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -13048,87 +15346,105 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -13143,21 +15459,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13171,127 +15490,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.006695 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -13299,7 +15612,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13307,21 +15620,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13335,37 +15651,48 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13373,18 +15700,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -13392,47 +15719,36 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" - ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -13447,21 +15763,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13475,120 +15791,91 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -13605,24 +15892,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "0:3.0.7-6.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "ead6ec3a96c03e8e", + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5", "type": "rpm", "locations": [ { @@ -13639,117 +15923,98 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-6.el9_5?arch=x86_64&distro=rhel-9.6&upstream=openssl-fips-provider-3.0.7-6.el9_5.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -13766,24 +16031,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "7acafa332217c3b4", + "name": "openssl-fips-provider-so", + "version": "3.0.7-6.el9_5", "type": "rpm", "locations": [ { @@ -13800,69 +16062,71 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-6.el9_5?arch=x86_64&distro=rhel-9.6&upstream=openssl-fips-provider-3.0.7-6.el9_5.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } - ], - "cwes": [ - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, + ], + "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -13871,68 +16135,35 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" - ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -13940,7 +16171,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13948,21 +16179,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13976,17 +16207,28 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -14016,8 +16258,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ @@ -14104,8 +16346,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ @@ -14134,18 +16376,187 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00009, + "percentile": 0.0076, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.00504 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + ], + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00009, + "percentile": 0.0076, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -14159,13 +16570,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14176,112 +16587,107 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00009, - "percentile": 0.00768, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.9.13-14.el9_7" + "0:3.8.3-10.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" } ], - "risk": 0.00504 + "risk": 0.004899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00009, - "percentile": 0.00768, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14297,24 +16703,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "suggestedVersion": "0:3.8.3-10.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -14328,13 +16734,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14368,8 +16774,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14431,8 +16837,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14526,8 +16932,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14589,8 +16995,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14695,8 +17101,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14758,8 +17164,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14868,8 +17274,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14931,8 +17337,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -15041,8 +17447,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -15101,8 +17507,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -15168,151 +17574,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00385 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -15338,8 +17599,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15387,8 +17648,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15490,8 +17751,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15539,8 +17800,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15642,8 +17903,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15712,8 +17973,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15812,8 +18073,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15882,8 +18143,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15982,8 +18243,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16052,8 +18313,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16152,8 +18413,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16222,8 +18483,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16322,8 +18583,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16385,8 +18646,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16480,8 +18741,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16543,8 +18804,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16649,8 +18910,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -16697,8 +18958,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -16789,8 +19050,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16850,8 +19111,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16942,8 +19203,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -17005,8 +19266,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -17097,8 +19358,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17163,8 +19424,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17258,8 +19519,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17324,8 +19585,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17412,7 +19673,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -17509,7 +19770,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -18005,107 +20266,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/agent/grype-25.10.6.md b/docs/security/agent/grype-25.10.6.md index 072157d..7b24a39 100644 --- a/docs/security/agent/grype-25.10.6.md +++ b/docs/security/agent/grype-25.10.6.md @@ -8,6 +8,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| libarchive | 3.5.3-6.el9_6 | [CVE-2026-4111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -16,22 +17,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | fluent-bit | 25.10.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.6 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | @@ -72,7 +82,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | @@ -82,6 +91,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -91,25 +101,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-70873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-70873) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider | 3.0.7-6.el9_5 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider-so | 3.0.7-6.el9_5 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | diff --git a/docs/security/agent/grype-25.10.7.json b/docs/security/agent/grype-25.10.7.json index fd91e3b..42fb8d8 100644 --- a/docs/security/agent/grype-25.10.7.json +++ b/docs/security/agent/grype-25.10.7.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88933, - "date": "2026-03-09" + "percentile": 0.88983, + "date": "2026-03-16" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88933, - "date": "2026-03-09" + "percentile": 0.88983, + "date": "2026-03-16" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -257,8 +257,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -352,8 +352,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -420,8 +420,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -526,8 +526,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -605,8 +605,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -709,8 +709,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -754,8 +754,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -849,8 +849,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -894,8 +894,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -989,8 +989,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1055,8 +1055,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1158,8 +1158,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1224,8 +1224,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1327,8 +1327,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1383,8 +1383,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1475,8 +1475,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1548,8 +1548,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1651,8 +1651,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1724,8 +1724,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1876,8 +1876,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1968,8 +1968,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -2017,8 +2017,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -2120,8 +2120,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2180,8 +2180,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2272,8 +2272,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2321,8 +2321,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2413,8 +2413,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2479,8 +2479,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2574,8 +2574,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2640,8 +2640,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2746,8 +2746,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2813,8 +2813,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2911,8 +2911,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2986,8 +2986,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -3084,8 +3084,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3180,8 +3180,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3284,8 +3284,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00072, - "percentile": 0.21792, - "date": "2026-03-09" + "percentile": 0.21759, + "date": "2026-03-16" } ], "cwes": [ @@ -3361,8 +3361,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00072, - "percentile": 0.21792, - "date": "2026-03-09" + "percentile": 0.21759, + "date": "2026-03-16" } ], "cwes": [ @@ -3467,8 +3467,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3521,8 +3521,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3619,8 +3619,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3667,8 +3667,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3759,8 +3759,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3825,8 +3825,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3920,8 +3920,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3986,8 +3986,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -4095,8 +4095,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ @@ -4187,8 +4187,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4253,8 +4253,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4348,8 +4348,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4414,8 +4414,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4520,8 +4520,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4570,8 +4570,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4662,8 +4662,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4710,8 +4710,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4779,39 +4779,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4819,28 +4819,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4848,25 +4848,25 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4874,21 +4874,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -4905,11 +4905,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4919,38 +4930,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -4959,25 +4970,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031049999999999994 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 6.5, "exploitabilityScore": 2.9, @@ -4988,17 +4999,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -5006,7 +5017,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5014,21 +5025,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5042,14 +5053,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5059,20 +5081,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5080,77 +5102,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5158,18 +5150,18 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5184,24 +5176,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -5215,29 +5204,29 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -5253,77 +5242,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5331,17 +5290,17 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -5349,7 +5308,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5357,24 +5316,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -5388,48 +5344,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5437,16 +5382,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5470,31 +5415,44 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5502,16 +5460,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5534,7 +5492,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5576,20 +5534,20 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5597,16 +5555,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5630,48 +5588,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5694,7 +5665,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5747,20 +5718,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4111", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5768,18 +5739,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5787,58 +5758,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.028104999999999998 + "risk": 0.028499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/security/cve/CVE-2026-4111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", + "https://github.com/libarchive/libarchive/pull/2877" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5853,21 +5814,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2026-4111", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5881,37 +5842,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5919,75 +5880,81 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.028104999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5996,7 +5963,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6005,19 +5972,22 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -6035,22 +6005,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -6060,134 +6019,210 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.6" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "3b096a4569cbd31e", - "name": "fluent-bit", - "version": "25.10.6", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:4686bf7a36c7afbc24275914f077c87f0ed0eb787e6a8abe2955a2d4865979ad", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.6", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -6195,47 +6230,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.027804999999999996 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6250,21 +6296,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6278,55 +6324,2197 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.6" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "3b096a4569cbd31e", + "name": "fluent-bit", + "version": "25.10.6", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:4686bf7a36c7afbc24275914f077c87f0ed0eb787e6a8abe2955a2d4865979ad", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.6", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027590000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "0:2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.8.3-10.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" + } + ], + "risk": 0.023175 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" + ], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-10.el9_7" + } + } + ], + "artifact": { + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -6335,48 +8523,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.023114999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -6392,21 +8578,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2026-0988", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -6420,13 +8606,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6437,20 +8623,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6458,10 +8644,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6469,42 +8663,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6519,21 +8731,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -6547,23 +8759,17 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -6575,20 +8781,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6596,10 +8802,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6607,42 +8821,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6657,21 +8889,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -6685,23 +8917,17 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -6713,77 +8939,63 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -6796,18 +9008,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6822,24 +9034,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -6853,13 +9062,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6870,77 +9079,63 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -6953,18 +9148,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6979,24 +9174,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7010,23 +9202,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" } ], "metadataType": "RpmMetadata", @@ -7038,73 +9230,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -7121,18 +9316,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7147,24 +9342,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7178,27 +9373,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -7210,73 +9401,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -7293,18 +9487,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7319,24 +9513,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7350,27 +9544,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -7382,20 +9572,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7403,64 +9593,76 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-7.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02314 + "risk": 0.017945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7468,17 +9670,17 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7486,7 +9688,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7494,24 +9696,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -7525,120 +9727,128 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.02314 + "advisories": [], + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7646,7 +9856,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7654,24 +9864,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7685,135 +9892,145 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 + "risk": 0.01643 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7821,21 +10038,24 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7849,122 +10069,138 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02125 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7979,21 +10215,24 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -8007,42 +10246,48 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8050,18 +10295,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -8069,47 +10314,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -8124,21 +10369,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -8152,13 +10397,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8169,39 +10414,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -8209,54 +10454,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8264,21 +10523,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8295,22 +10554,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8320,88 +10568,132 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019055 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8416,21 +10708,24 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8444,13 +10739,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8461,104 +10756,93 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -8573,24 +10857,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -8604,23 +10885,23 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -8632,111 +10913,108 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8744,24 +11022,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8775,25 +11050,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8803,114 +11067,99 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.017945 + "advisories": [], + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8919,7 +11168,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8927,24 +11176,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2025-5917", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8958,25 +11204,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8986,38 +11221,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -9026,60 +11267,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01728 + "risk": 0.01239 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -9095,21 +11329,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -9123,13 +11357,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9140,20 +11374,20 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9161,17 +11395,17 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9180,46 +11414,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014739999999999998 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9235,21 +11474,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9263,55 +11502,55 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "secalert@redhat.com", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9320,60 +11559,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01449 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "secalert@redhat.com", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9381,7 +11611,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9389,21 +11619,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9417,147 +11647,137 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.013770000000000001 + "advisories": [], + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -9574,24 +11794,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -9605,13 +11822,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9622,39 +11839,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -9662,53 +11879,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -9723,21 +11935,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -9751,23 +11963,23 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "systemd", + "version": "252-51.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -9779,37 +11991,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9819,59 +12031,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9888,21 +12087,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -9916,13 +12115,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9933,20 +12132,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9954,79 +12153,79 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.012759999999999999 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10042,21 +12241,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10070,13 +12272,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10087,99 +12289,100 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0118 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10187,7 +12390,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10195,21 +12398,24 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, - "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10223,14 +12429,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10240,93 +12457,79 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.34-231.el9_7.10" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "risk": 0.011660000000000002 + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -10337,23 +12540,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10361,7 +12558,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10369,24 +12566,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10400,110 +12597,111 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.34-231.el9_7.10" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "risk": 0.011660000000000002 + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -10514,23 +12712,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10546,24 +12738,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10577,73 +12769,71 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-70873", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-70873", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, + "baseScore": 3.3, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10651,72 +12841,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.009134999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-70873", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054", + "https://sqlite.org/forum/forumpost/761eac3c82", + "https://sqlite.org/src/info/3d459f1fb1bd1b5e" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10724,21 +12897,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-70873", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -10752,14 +12925,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10769,20 +12953,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10790,17 +12974,17 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -10809,46 +12993,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01008 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10856,7 +13042,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10864,21 +13050,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -10895,11 +13081,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10909,100 +13106,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 6.5, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11010,7 +13195,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11018,24 +13203,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3784", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11049,14 +13231,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11066,100 +13259,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11175,24 +13356,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11206,23 +13384,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -11234,100 +13412,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11343,24 +13509,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11374,27 +13537,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -11406,100 +13565,99 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} } - ], - "epss": [ - { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] - }, - "advisories": [ + ], + "epss": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], - "risk": 0.009785 + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007425 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -11507,7 +13665,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11515,24 +13673,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11546,29 +13701,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11601,8 +13741,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11667,8 +13807,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11762,8 +13902,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11828,8 +13968,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11934,8 +14074,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12004,8 +14144,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12105,8 +14245,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12175,8 +14315,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12264,39 +14404,198 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007125000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + ], + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-30258", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -12304,67 +14603,74 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12372,21 +14678,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -12400,14 +14706,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12417,38 +14734,44 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -12457,51 +14780,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006899999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -12517,21 +14857,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -12545,37 +14885,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12583,18 +14923,18 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -12602,59 +14942,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12662,21 +14997,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -12690,148 +15025,135 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 4.7, + "baseScore": 5.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00693 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12839,21 +15161,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -12867,25 +15189,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "BSD" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12895,20 +15206,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12916,18 +15227,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -12935,41 +15246,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006875 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12977,18 +15275,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -13009,7 +15307,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -13048,87 +15346,105 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -13143,21 +15459,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13171,127 +15490,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.006695 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -13299,7 +15612,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13307,21 +15620,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13335,37 +15651,48 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13373,18 +15700,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -13392,47 +15719,36 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" - ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -13447,21 +15763,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13475,120 +15791,91 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -13605,24 +15892,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "0:3.0.7-6.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "ead6ec3a96c03e8e", + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5", "type": "rpm", "locations": [ { @@ -13639,117 +15923,98 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-6.el9_5?arch=x86_64&distro=rhel-9.6&upstream=openssl-fips-provider-3.0.7-6.el9_5.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -13766,24 +16031,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "7acafa332217c3b4", + "name": "openssl-fips-provider-so", + "version": "3.0.7-6.el9_5", "type": "rpm", "locations": [ { @@ -13800,69 +16062,71 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-6.el9_5?arch=x86_64&distro=rhel-9.6&upstream=openssl-fips-provider-3.0.7-6.el9_5.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } - ], - "cwes": [ - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, + ], + "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -13871,68 +16135,35 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" - ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -13940,7 +16171,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13948,21 +16179,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13976,17 +16207,28 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -14016,8 +16258,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ @@ -14104,8 +16346,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ @@ -14134,18 +16376,187 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00009, + "percentile": 0.0076, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.00504 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + ], + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00009, + "percentile": 0.0076, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -14159,13 +16570,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14176,112 +16587,107 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00009, - "percentile": 0.00768, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.9.13-14.el9_7" + "0:3.8.3-10.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" } ], - "risk": 0.00504 + "risk": 0.004899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00009, - "percentile": 0.00768, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14297,24 +16703,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "suggestedVersion": "0:3.8.3-10.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -14328,13 +16734,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14368,8 +16774,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14431,8 +16837,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14526,8 +16932,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14589,8 +16995,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14695,8 +17101,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14758,8 +17164,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14868,8 +17274,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14931,8 +17337,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -15041,8 +17447,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -15101,8 +17507,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -15168,151 +17574,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00385 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -15338,8 +17599,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15387,8 +17648,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15490,8 +17751,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15539,8 +17800,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15642,8 +17903,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15712,8 +17973,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15812,8 +18073,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15882,8 +18143,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15982,8 +18243,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16052,8 +18313,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16152,8 +18413,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16222,8 +18483,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16322,8 +18583,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16385,8 +18646,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16480,8 +18741,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16543,8 +18804,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16649,8 +18910,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -16697,8 +18958,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -16789,8 +19050,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16850,8 +19111,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16942,8 +19203,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -17005,8 +19266,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -17097,8 +19358,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17163,8 +19424,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17258,8 +19519,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17324,8 +19585,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17412,7 +19673,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -17509,7 +19770,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -18005,107 +20266,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/agent/grype-25.10.7.md b/docs/security/agent/grype-25.10.7.md index f8ea22b..399a403 100644 --- a/docs/security/agent/grype-25.10.7.md +++ b/docs/security/agent/grype-25.10.7.md @@ -8,6 +8,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| libarchive | 3.5.3-6.el9_6 | [CVE-2026-4111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -16,22 +17,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | fluent-bit | 25.10.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.6 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | @@ -72,7 +82,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | @@ -82,6 +91,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -91,25 +101,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-70873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-70873) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider | 3.0.7-6.el9_5 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider-so | 3.0.7-6.el9_5 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | diff --git a/docs/security/agent/grype-25.10.8.json b/docs/security/agent/grype-25.10.8.json index 017dff0..395d4ec 100644 --- a/docs/security/agent/grype-25.10.8.json +++ b/docs/security/agent/grype-25.10.8.json @@ -25,8 +25,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -93,8 +93,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -188,8 +188,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -256,8 +256,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -362,8 +362,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -441,8 +441,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -545,8 +545,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -590,8 +590,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -685,8 +685,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -730,8 +730,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -825,8 +825,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -891,8 +891,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -994,8 +994,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1060,8 +1060,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1163,8 +1163,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1219,8 +1219,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1311,8 +1311,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1384,8 +1384,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1487,8 +1487,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1560,8 +1560,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1663,8 +1663,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1712,8 +1712,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1804,8 +1804,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1853,8 +1853,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1956,8 +1956,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2016,8 +2016,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2108,8 +2108,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2157,8 +2157,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2249,8 +2249,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2315,8 +2315,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2410,8 +2410,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2476,8 +2476,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2582,8 +2582,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2649,8 +2649,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2747,8 +2747,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2822,8 +2822,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2920,8 +2920,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3016,8 +3016,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3120,8 +3120,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3174,8 +3174,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3272,8 +3272,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3320,8 +3320,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3412,8 +3412,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3478,8 +3478,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3573,8 +3573,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3639,8 +3639,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3748,8 +3748,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ @@ -3840,8 +3840,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -3906,8 +3906,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4001,8 +4001,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4067,8 +4067,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4173,8 +4173,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4223,8 +4223,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4315,8 +4315,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4363,8 +4363,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4432,39 +4432,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4472,28 +4472,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4501,25 +4501,25 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4527,21 +4527,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4558,11 +4558,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4572,38 +4583,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -4612,25 +4623,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031049999999999994 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 6.5, "exploitabilityScore": 2.9, @@ -4641,17 +4652,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4659,7 +4670,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4667,21 +4678,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4695,14 +4706,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4712,20 +4734,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4733,77 +4755,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4811,18 +4803,18 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4837,24 +4829,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -4868,29 +4857,29 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -4906,77 +4895,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4984,17 +4943,17 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -5002,7 +4961,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5010,24 +4969,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -5041,48 +4997,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5090,16 +5035,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5123,31 +5068,44 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5155,16 +5113,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5187,7 +5145,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5229,20 +5187,20 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5250,16 +5208,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5283,48 +5241,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5347,7 +5318,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5400,20 +5371,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4111", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5421,18 +5392,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5440,58 +5411,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.028104999999999998 + "risk": 0.028499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/security/cve/CVE-2026-4111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", + "https://github.com/libarchive/libarchive/pull/2877" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5506,21 +5467,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2026-4111", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5534,37 +5495,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5572,75 +5533,81 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.028104999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5649,7 +5616,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5658,19 +5625,22 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -5688,22 +5658,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5713,97 +5672,2466 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" - }, + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, "advisories": [], - "risk": 0.027825000000000003 + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.8" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "92b9576bd60528c3", + "name": "fluent-bit", + "version": "25.10.8", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c4ec66fbc6d828e7a8ae672384704bf026f1963e08a3163cbc015821bcb5ec8f", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.8", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027590000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "0215995764e9f654", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.8.3-10.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" + } + ], + "risk": 0.023175 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" + ], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-10.el9_7" + } + } + ], + "artifact": { + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.10.8" - } + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "92b9576bd60528c3", - "name": "fluent-bit", - "version": "25.10.8", - "type": "binary", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c4ec66fbc6d828e7a8ae672384704bf026f1963e08a3163cbc015821bcb5ec8f", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.8", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { @@ -5830,9 +8158,9 @@ "epss": [ { "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ @@ -5848,7 +8176,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.027804999999999996 + "risk": 0.023114999999999997 }, "relatedVulnerabilities": [ { @@ -5860,34 +8188,187 @@ "https://access.redhat.com/security/cve/CVE-2026-0988", "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -5895,7 +8376,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5903,21 +8384,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -5931,14 +8412,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5948,20 +8434,20 @@ }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5969,16 +8455,16 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -5988,47 +8474,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -6037,7 +8534,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6045,21 +8542,21 @@ "version": "9.7" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -6073,14 +8570,19 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6090,31 +8592,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6122,31 +8632,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6154,17 +8661,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6172,21 +8687,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0215995764e9f654", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -6200,25 +8715,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6228,31 +8732,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6260,31 +8772,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6292,10 +8801,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6310,21 +8827,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -6338,23 +8855,23 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "pcre2", + "version": "10.40-6.el9" } ], "metadataType": "RpmMetadata", @@ -6366,73 +8883,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6449,25 +8969,25 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6475,24 +8995,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6506,14 +9026,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6523,73 +9054,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6606,18 +9140,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6632,24 +9166,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6663,23 +9197,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -6691,100 +9225,100 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6792,7 +9326,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6800,24 +9334,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6831,29 +9362,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6863,100 +9379,86 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6964,7 +9466,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6972,24 +9474,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -7003,29 +9502,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7035,103 +9519,100 @@ }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.02314 + "advisories": [], + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7147,24 +9628,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-5918", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7178,128 +9656,156 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "1:3.5.1-7.el9_7" + "0:2.3.3-5.el9_7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" } ], - "risk": 0.02314 + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7307,24 +9813,24 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7338,67 +9844,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.5, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7406,60 +9901,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.5, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7474,21 +9962,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -7502,17 +9990,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -7524,39 +10018,39 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7564,67 +10058,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7632,21 +10127,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7660,19 +10155,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "BSD" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7682,20 +10172,20 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7703,18 +10193,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7722,47 +10212,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5, + "exploitabilityScore": 1.4, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7777,21 +10281,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7808,10 +10312,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7822,39 +10326,45 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -7862,54 +10372,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01239 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7917,21 +10434,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -7945,25 +10462,14 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7973,20 +10479,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7994,17 +10500,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -8013,47 +10519,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8069,21 +10579,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -8097,37 +10607,37 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8135,64 +10645,52 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -8200,18 +10698,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -8226,24 +10724,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -8257,129 +10752,136 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -8389,7 +10891,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8397,24 +10899,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -8428,25 +10927,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8456,39 +10944,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -8496,68 +10984,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01728 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8565,21 +11040,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "systemd", + "version": "252-55.el9_7.7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "e28c009b2c72d8a9", + "name": "systemd-libs", + "version": "252-55.el9_7.7", "type": "rpm", "locations": [ { @@ -8593,14 +11068,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.7" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8610,37 +11096,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8650,45 +11136,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014739999999999998 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8705,21 +11192,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -8733,13 +11220,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8750,100 +11237,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01449 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" - ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8859,21 +11346,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8887,13 +11377,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8904,139 +11394,108 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { "versions": [ - "0:2.3.3-5.el9_7" + "0:2.34-231.el9_7.10" ], "state": "fixed", "available": [ { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "risk": 0.013770000000000001 + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9044,24 +11503,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" }, "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -9075,14 +11534,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9092,92 +11562,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01363 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9193,21 +11671,24 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -9221,23 +11702,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -9249,100 +11734,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.013109999999999998 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9350,7 +11835,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9358,21 +11843,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -9386,14 +11874,29 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9403,20 +11906,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-70873", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-70873", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 3.3, + "exploitabilityScore": 1.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9424,17 +11927,17 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9443,60 +11946,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012759999999999999 + "risk": 0.009134999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-70873", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054", + "https://sqlite.org/forum/forumpost/761eac3c82", + "https://sqlite.org/src/info/3d459f1fb1bd1b5e" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], - "epss": [ - { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "epss": [ + { + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9504,7 +11994,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9512,21 +12002,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-70873", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "87ad778255840d3f", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -9540,14 +12030,25 @@ ], "language": "", "licenses": [ - "BSD" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9557,44 +12058,38 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9603,53 +12098,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0118 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9657,7 +12147,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9665,21 +12155,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9693,14 +12183,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9710,45 +12211,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -9756,40 +12251,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 3.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -9797,31 +12282,25 @@ ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9829,21 +12308,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9857,14 +12336,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9874,20 +12364,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.7, + "exploitabilityScore": 2.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -9895,17 +12385,17 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9914,46 +12404,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01008 + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9961,7 +12453,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9969,21 +12461,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", + "vulnerabilityID": "CVE-2026-3783", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -10000,11 +12492,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10014,100 +12517,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10115,7 +12606,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10123,24 +12614,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -10154,14 +12642,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10171,20 +12670,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10192,79 +12691,78 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.007425 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10272,7 +12770,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10280,24 +12778,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -10306,30 +12801,19 @@ "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" + } } ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10339,82 +12823,86 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10422,17 +12910,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10440,7 +12928,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10448,24 +12936,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10479,114 +12967,103 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10594,17 +13071,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10620,24 +13097,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10651,69 +13128,71 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10737,49 +13216,53 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0072250000000000005 + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10802,7 +13285,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", + "vulnerabilityID": "CVE-2025-11187", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -10844,37 +13327,43 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10898,49 +13387,53 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0072250000000000005 + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10963,7 +13456,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", + "vulnerabilityID": "CVE-2025-11187", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -11016,114 +13509,99 @@ }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.007214999999999999 + "advisories": [], + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11139,24 +13617,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-30258", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -11170,132 +13645,130 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.007214999999999999 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -11310,24 +13783,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "87ad778255840d3f", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -11341,66 +13811,72 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -11409,41 +13885,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.006899999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 3.3, + "exploitabilityScore": 1.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11451,17 +13930,23 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11483,7 +13968,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } @@ -11522,20 +14007,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11543,18 +14028,18 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ - { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -11562,52 +14047,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -11622,21 +14102,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -11650,108 +14130,127 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11759,7 +14258,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11767,21 +14266,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -11795,72 +14294,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ], @@ -11869,66 +14351,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ] @@ -11936,7 +14398,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11944,21 +14406,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87ad778255840d3f", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -11972,25 +14434,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12000,99 +14451,104 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.006875 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -12108,21 +14564,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12136,111 +14595,129 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12248,21 +14725,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12276,127 +14756,103 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" - ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -12412,21 +14868,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12440,37 +14896,37 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12478,18 +14934,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -12497,47 +14953,36 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" - ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -12552,21 +14997,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl-fips-provider", + "version": "0:3.0.7-8.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "3f743355082e9e4b", + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9", "type": "rpm", "locations": [ { @@ -12580,13 +15025,23 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12597,103 +15052,74 @@ }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0060999999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "namespace": "nvd:cpe", + "severity": "Unknown", + "urls": [ + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12702,7 +15128,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12710,24 +15136,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "039e508ce9d5da38", + "name": "openssl-fips-provider-so", + "version": "3.0.7-8.el9", "type": "rpm", "locations": [ { @@ -12741,120 +15164,110 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", + "upstreams": [ + { + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12877,11 +15290,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], @@ -12930,114 +15340,126 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 6.2, + "baseScore": 7.7, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2025-13601", + "epss": 0.00008, + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.005979999999999999 + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.00508 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + "https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/errata/RHSA-2026:2064", + "https://access.redhat.com/errata/RHSA-2026:2072", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", + "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2025-13601", + "epss": 0.00008, + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -13053,21 +15475,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -13081,13 +15506,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13098,125 +15523,106 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.68.4-18.el9_7.1" + "0:3.8.3-10.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" } ], - "risk": 0.00508 + "risk": 0.004899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/errata/RHSA-2026:1323", - "https://access.redhat.com/errata/RHSA-2026:1324", - "https://access.redhat.com/errata/RHSA-2026:1326", - "https://access.redhat.com/errata/RHSA-2026:1327", - "https://access.redhat.com/errata/RHSA-2026:1465", - "https://access.redhat.com/errata/RHSA-2026:1608", - "https://access.redhat.com/errata/RHSA-2026:1624", - "https://access.redhat.com/errata/RHSA-2026:1625", - "https://access.redhat.com/errata/RHSA-2026:1626", - "https://access.redhat.com/errata/RHSA-2026:1627", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/errata/RHSA-2026:1736", - "https://access.redhat.com/errata/RHSA-2026:2064", - "https://access.redhat.com/errata/RHSA-2026:2072", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2633", - "https://access.redhat.com/errata/RHSA-2026:2659", - "https://access.redhat.com/errata/RHSA-2026:2671", - "https://access.redhat.com/errata/RHSA-2026:2974", - "https://access.redhat.com/errata/RHSA-2026:3415", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -13233,24 +15639,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:3.8.3-10.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -13264,13 +15670,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13304,8 +15710,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13367,8 +15773,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13462,8 +15868,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13525,8 +15931,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13631,8 +16037,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13694,8 +16100,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13804,8 +16210,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13867,8 +16273,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13977,8 +16383,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -14037,8 +16443,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -14104,151 +16510,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00385 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -14274,8 +16535,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14323,8 +16584,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14426,8 +16687,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14475,8 +16736,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14578,8 +16839,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14648,8 +16909,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14748,8 +17009,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14818,8 +17079,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14918,8 +17179,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14988,8 +17249,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15088,8 +17349,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15158,8 +17419,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15258,8 +17519,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15321,8 +17582,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15416,8 +17677,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15479,8 +17740,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15585,8 +17846,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -15633,8 +17894,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -15725,8 +17986,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -15786,8 +18047,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -15878,8 +18139,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -15941,8 +18202,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -16033,8 +18294,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16099,8 +18360,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16194,8 +18455,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16260,8 +18521,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16348,7 +18609,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -16445,7 +18706,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -16941,107 +19202,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/agent/grype-25.10.8.md b/docs/security/agent/grype-25.10.8.md index 98d2f43..79fafb9 100644 --- a/docs/security/agent/grype-25.10.8.md +++ b/docs/security/agent/grype-25.10.8.md @@ -7,6 +7,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| libarchive | 3.5.3-6.el9_6 | [CVE-2026-4111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -15,19 +16,28 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | fluent-bit | 25.10.8 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.8 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | gnutls | 3.8.3-9.el9 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| systemd-libs | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | @@ -66,7 +76,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | @@ -76,6 +85,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -85,25 +95,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| sqlite-libs | 3.34.1-9.el9_7 | [CVE-2025-70873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-70873) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider | 3.0.7-8.el9 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider-so | 3.0.7-8.el9 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | diff --git a/docs/security/agent/grype-25.10.9.json b/docs/security/agent/grype-25.10.9.json index 8c32f0b..1df5270 100644 --- a/docs/security/agent/grype-25.10.9.json +++ b/docs/security/agent/grype-25.10.9.json @@ -25,8 +25,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -93,8 +93,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -188,8 +188,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -256,8 +256,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -362,8 +362,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -441,8 +441,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -545,8 +545,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -590,8 +590,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -685,8 +685,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -730,8 +730,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -825,8 +825,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -891,8 +891,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -994,8 +994,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1060,8 +1060,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1163,8 +1163,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1219,8 +1219,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1311,8 +1311,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1384,8 +1384,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1487,8 +1487,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1560,8 +1560,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1663,8 +1663,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1712,8 +1712,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1804,8 +1804,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1853,8 +1853,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1956,8 +1956,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2016,8 +2016,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2108,8 +2108,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2157,8 +2157,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2249,8 +2249,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2315,8 +2315,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2410,8 +2410,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2476,8 +2476,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2582,8 +2582,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2649,8 +2649,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2747,8 +2747,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2822,8 +2822,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2920,8 +2920,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3016,8 +3016,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3120,8 +3120,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3174,8 +3174,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3272,8 +3272,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3320,8 +3320,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3412,8 +3412,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3478,8 +3478,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3573,8 +3573,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3639,8 +3639,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3748,8 +3748,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ @@ -3840,8 +3840,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -3906,8 +3906,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4001,8 +4001,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4067,8 +4067,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4173,8 +4173,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4223,8 +4223,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4315,8 +4315,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4363,8 +4363,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4432,39 +4432,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4472,28 +4472,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4501,25 +4501,25 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4527,21 +4527,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4558,11 +4558,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4572,38 +4583,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -4612,25 +4623,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031049999999999994 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 6.5, "exploitabilityScore": 2.9, @@ -4641,17 +4652,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4659,7 +4670,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4667,21 +4678,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4695,14 +4706,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4712,20 +4734,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4733,77 +4755,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4811,18 +4803,18 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4837,24 +4829,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4868,29 +4857,29 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -4906,77 +4895,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4984,17 +4943,17 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -5002,7 +4961,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5010,24 +4969,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -5041,48 +4997,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5090,16 +5035,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5123,31 +5068,44 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5155,16 +5113,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5187,7 +5145,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5229,20 +5187,20 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5250,16 +5208,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5283,48 +5241,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5347,7 +5318,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5400,20 +5371,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4111", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5421,18 +5392,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5440,58 +5411,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.028104999999999998 + "risk": 0.028499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/security/cve/CVE-2026-4111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", + "https://github.com/libarchive/libarchive/pull/2877" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5506,21 +5467,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2026-4111", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5534,37 +5495,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5572,75 +5533,81 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.028104999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5649,7 +5616,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5658,19 +5625,22 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -5688,22 +5658,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5713,134 +5672,210 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.10.9" - } + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "20f835972e5f52cf", - "name": "fluent-bit", - "version": "25.10.9", - "type": "binary", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:376e7117cb6f040357562723990ec8ecc4af4895d62c7b82d8143dc9036ca111", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.9", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5848,47 +5883,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.027804999999999996 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -5903,21 +5949,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -5931,37 +5977,37 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5969,18 +6015,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5988,12 +6034,269 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.9" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "20f835972e5f52cf", + "name": "fluent-bit", + "version": "25.10.9", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:376e7117cb6f040357562723990ec8ecc4af4895d62c7b82d8143dc9036ca111", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.9", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027590000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ @@ -6020,9 +6323,9 @@ "epss": [ { "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" } ], "cwes": [ @@ -6095,7 +6398,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "cvss": [ { "type": "Secondary", @@ -6113,8 +6416,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "percentile": 0.15514, + "date": "2026-03-16" } ], "fix": { @@ -6156,8 +6459,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "percentile": 0.15514, + "date": "2026-03-16" } ] } @@ -6233,7 +6536,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "cvss": [ { "type": "Secondary", @@ -6251,8 +6554,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "percentile": 0.15514, + "date": "2026-03-16" } ], "fix": { @@ -6294,8 +6597,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "percentile": 0.15514, + "date": "2026-03-16" } ] } @@ -6389,8 +6692,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "percentile": 0.16388, + "date": "2026-03-16" } ], "cwes": [ @@ -6451,8 +6754,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "percentile": 0.16388, + "date": "2026-03-16" } ], "cwes": [ @@ -6546,8 +6849,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "percentile": 0.16388, + "date": "2026-03-16" } ], "cwes": [ @@ -6608,8 +6911,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "percentile": 0.16388, + "date": "2026-03-16" } ], "cwes": [ @@ -6714,8 +7017,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "percentile": 0.16388, + "date": "2026-03-16" } ], "cwes": [ @@ -6776,8 +7079,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "percentile": 0.16388, + "date": "2026-03-16" } ], "cwes": [ @@ -6886,8 +7189,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "percentile": 0.16388, + "date": "2026-03-16" } ], "cwes": [ @@ -6948,8 +7251,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "percentile": 0.16388, + "date": "2026-03-16" } ], "cwes": [ @@ -7035,103 +7338,104 @@ }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-7.el9_7" + "0:3.8.3-10.el9_7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" } ], - "risk": 0.02314 + "risk": 0.023175 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7147,24 +7451,24 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "suggestedVersion": "0:3.8.3-10.el9_7" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -7178,102 +7482,87 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.02314 + "advisories": [], + "risk": 0.023164999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7281,17 +7570,17 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -7307,24 +7596,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -7338,67 +7624,67 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -7406,60 +7692,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.023164999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -7474,23 +7749,23 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2026-3805", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", - "type": "rpm", - "locations": [ + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ { "path": "/var/lib/rpm/rpmdb.sqlite", "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", @@ -7502,17 +7777,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -7524,20 +7805,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7545,86 +7826,90 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02125 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7632,21 +7917,24 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -7660,90 +7948,102 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019090000000000003 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7751,25 +8051,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7777,23 +8077,26 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", - "type": "rpm", - "locations": [ + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ { "path": "/var/lib/rpm/rpmdb.sqlite", "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", @@ -7805,37 +8108,48 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7843,17 +8157,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", + "cve": "CVE-2026-0988", "cwe": "CWE-190", - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -7862,46 +8176,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.023114999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", + "cve": "CVE-2026-0988", "cwe": "CWE-190", - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -7909,7 +8223,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7917,21 +8231,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-0988", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -7945,25 +8259,14 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7973,39 +8276,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -8013,55 +8316,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8069,21 +8384,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -8097,14 +8412,19 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8114,102 +8434,98 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -8226,24 +8542,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -8257,23 +8570,17 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "gcc", + "version": "11.5.0-11.el9" } ], "metadataType": "RpmMetadata", @@ -8285,12 +8592,12 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", @@ -8306,59 +8613,42 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -8371,16 +8661,16 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -8389,7 +8679,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8397,24 +8687,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -8428,25 +8715,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8456,97 +8732,68 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.017945 + "advisories": [], + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -8554,18 +8801,18 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8580,24 +8827,21 @@ "version": "9.7" }, "package": { - "name": "systemd", - "version": "252-55.el9_7.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "120d5875527c431e", - "name": "systemd-libs", - "version": "252-55.el9_7.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -8611,23 +8855,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ { - "name": "systemd", - "version": "252-55.el9_7.2" + "name": "pcre2", + "version": "10.40-6.el9" } ], "metadataType": "RpmMetadata", @@ -8639,108 +8883,111 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01728 + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8748,21 +8995,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -8776,14 +9026,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8793,20 +9054,20 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8814,73 +9075,90 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014739999999999998 - }, + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.018025 + }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8888,21 +9166,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -8916,14 +9197,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8933,99 +9225,114 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01449 + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.017945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9034,7 +9341,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9042,21 +9349,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "systemd", + "version": "252-55.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "120d5875527c431e", + "name": "systemd-libs", + "version": "252-55.el9_7.2", "type": "rpm", "locations": [ { @@ -9070,14 +9380,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9087,132 +9408,101 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.013770000000000001 + "advisories": [], + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -9227,24 +9517,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9258,13 +9545,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9275,37 +9562,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9315,51 +9602,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9368,7 +9649,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9376,21 +9657,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -9404,25 +9685,14 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9432,12 +9702,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", @@ -9453,16 +9723,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9472,31 +9742,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 6.6, "exploitabilityScore": 1.4, - "impactScore": 4.3 + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -9515,16 +9785,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9547,7 +9817,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } @@ -9586,101 +9856,132 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.012759999999999999 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -9695,21 +9996,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9723,13 +10027,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9740,44 +10044,38 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9786,53 +10084,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0118 + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9840,7 +10137,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9848,42 +10145,1941 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013109999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.012759999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5917", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01239 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01098 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01098 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01092 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01053 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" + ], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "systemd", + "version": "252-55.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-4105", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "120d5875527c431e", + "name": "systemd-libs", + "version": "252-55.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and MIT" + ], + "cpes": [ + "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1757", + "cwe": "CWE-401", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01008 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009" + ], + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1757", + "cwe": "CWE-401", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1757", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9893,45 +12089,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-70873", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-70873", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, + "baseScore": 3.3, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -9939,72 +12129,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.009134999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-70873", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054", + "https://sqlite.org/forum/forumpost/761eac3c82", + "https://sqlite.org/src/info/3d459f1fb1bd1b5e" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10012,21 +12185,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-70873", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "87ad778255840d3f", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -10040,14 +12213,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10057,20 +12241,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10078,17 +12262,17 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -10097,46 +12281,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01008 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10144,7 +12330,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10152,21 +12338,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -10183,11 +12369,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10197,100 +12394,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 6.5, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10298,7 +12483,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10306,24 +12491,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3784", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -10337,14 +12519,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10354,100 +12547,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10463,24 +12644,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -10494,23 +12672,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -10522,100 +12700,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10631,24 +12797,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -10662,27 +12825,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -10694,100 +12853,99 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} } - ], - "epss": [ - { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] - }, - "advisories": [ + ], + "epss": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], - "risk": 0.009785 + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007425 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10795,7 +12953,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10803,24 +12961,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -10834,29 +12989,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10889,8 +13029,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -10955,8 +13095,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11050,8 +13190,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11116,8 +13256,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11222,8 +13362,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -11292,8 +13432,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -11393,8 +13533,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -11463,8 +13603,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -11557,34 +13697,193 @@ "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007125000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + ], + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-30258", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -11592,67 +13891,74 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11660,21 +13966,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "87ad778255840d3f", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -11688,14 +13994,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11705,38 +14022,44 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -11745,51 +14068,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006899999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11805,21 +14145,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -11833,37 +14173,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11871,18 +14211,18 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -11890,59 +14230,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11950,21 +14285,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11978,148 +14313,135 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 4.7, + "baseScore": 5.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00693 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12127,21 +14449,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87ad778255840d3f", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -12155,25 +14477,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "BSD" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12183,20 +14494,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12204,18 +14515,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -12223,41 +14534,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006875 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12265,18 +14563,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -12297,7 +14595,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -12336,87 +14634,105 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ - { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + { + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -12431,21 +14747,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12459,127 +14778,121 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.006695 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -12587,7 +14900,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12595,21 +14908,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12623,37 +14939,48 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12661,18 +14988,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -12680,47 +15007,36 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" - ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -12735,21 +15051,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12763,120 +15079,91 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12893,24 +15180,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "openssl-fips-provider", + "version": "0:3.0.7-8.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "3f743355082e9e4b", + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9", "type": "rpm", "locations": [ { @@ -12924,120 +15208,101 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -13054,24 +15319,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "039e508ce9d5da38", + "name": "openssl-fips-provider-so", + "version": "3.0.7-8.el9", "type": "rpm", "locations": [ { @@ -13085,72 +15347,74 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } - ], - "cwes": [ - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, + ], + "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -13159,68 +15423,35 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" - ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -13228,7 +15459,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13236,21 +15467,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -13264,17 +15495,28 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -13304,8 +15546,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ @@ -13392,8 +15634,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ @@ -13422,18 +15664,187 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00009, + "percentile": 0.0076, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.00504 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + ], + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00009, + "percentile": 0.0076, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -13447,13 +15858,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13464,112 +15875,107 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00009, - "percentile": 0.00768, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.9.13-14.el9_7" + "0:3.8.3-10.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" } ], - "risk": 0.00504 + "risk": 0.004899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00009, - "percentile": 0.00768, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -13585,24 +15991,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "suggestedVersion": "0:3.8.3-10.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -13616,13 +16022,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13656,8 +16062,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13719,8 +16125,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13814,8 +16220,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13877,8 +16283,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13983,8 +16389,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14046,8 +16452,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14156,8 +16562,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14219,8 +16625,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14329,8 +16735,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -14389,8 +16795,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -14456,151 +16862,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00385 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -14626,8 +16887,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14675,8 +16936,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14778,8 +17039,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14827,8 +17088,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14930,8 +17191,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15000,8 +17261,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15100,8 +17361,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15170,8 +17431,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15270,8 +17531,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15340,8 +17601,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15440,8 +17701,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15510,8 +17771,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15610,8 +17871,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15673,8 +17934,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15768,8 +18029,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15831,8 +18092,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15937,8 +18198,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -15985,8 +18246,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -16077,8 +18338,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16138,8 +18399,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16230,8 +18491,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -16293,8 +18554,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -16385,8 +18646,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16451,8 +18712,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16546,8 +18807,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16612,8 +18873,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16700,7 +18961,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -16797,7 +19058,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -17293,107 +19554,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/agent/grype-25.10.9.md b/docs/security/agent/grype-25.10.9.md index c0b1173..c937bc0 100644 --- a/docs/security/agent/grype-25.10.9.md +++ b/docs/security/agent/grype-25.10.9.md @@ -7,6 +7,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| libarchive | 3.5.3-6.el9_6 | [CVE-2026-4111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -15,20 +16,29 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | fluent-bit | 25.10.9 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.9 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | gnutls | 3.8.3-9.el9 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | systemd-libs | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| systemd-libs | 252-55.el9_7.2 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | @@ -68,7 +78,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | @@ -78,6 +87,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -87,25 +97,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| sqlite-libs | 3.34.1-9.el9_7 | [CVE-2025-70873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-70873) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider | 3.0.7-8.el9 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider-so | 3.0.7-8.el9 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | diff --git a/docs/security/agent/grype-25.11.1.json b/docs/security/agent/grype-25.11.1.json index 7db36ee..02bba8d 100644 --- a/docs/security/agent/grype-25.11.1.json +++ b/docs/security/agent/grype-25.11.1.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88933, - "date": "2026-03-09" + "percentile": 0.88983, + "date": "2026-03-16" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88933, - "date": "2026-03-09" + "percentile": 0.88983, + "date": "2026-03-16" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -257,8 +257,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -352,8 +352,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -420,8 +420,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -526,8 +526,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -605,8 +605,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -709,8 +709,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -754,8 +754,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -849,8 +849,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -894,8 +894,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -989,8 +989,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1055,8 +1055,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1158,8 +1158,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1224,8 +1224,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1327,8 +1327,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1383,8 +1383,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1475,8 +1475,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1548,8 +1548,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1651,8 +1651,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1724,8 +1724,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1876,8 +1876,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1968,8 +1968,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -2017,8 +2017,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -2120,8 +2120,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2180,8 +2180,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2272,8 +2272,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2321,8 +2321,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2413,8 +2413,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2479,8 +2479,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2574,8 +2574,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2640,8 +2640,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2746,8 +2746,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2813,8 +2813,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2911,8 +2911,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2986,8 +2986,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -3084,8 +3084,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3180,8 +3180,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3284,8 +3284,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00072, - "percentile": 0.21792, - "date": "2026-03-09" + "percentile": 0.21759, + "date": "2026-03-16" } ], "cwes": [ @@ -3361,8 +3361,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00072, - "percentile": 0.21792, - "date": "2026-03-09" + "percentile": 0.21759, + "date": "2026-03-16" } ], "cwes": [ @@ -3467,8 +3467,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3521,8 +3521,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3619,8 +3619,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3667,8 +3667,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3759,8 +3759,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3825,8 +3825,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3920,8 +3920,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3986,8 +3986,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -4095,8 +4095,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ @@ -4187,8 +4187,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4253,8 +4253,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4348,8 +4348,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4414,8 +4414,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4520,8 +4520,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4570,8 +4570,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4662,8 +4662,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4710,8 +4710,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4779,39 +4779,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4819,28 +4819,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4848,25 +4848,25 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4874,21 +4874,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -4905,11 +4905,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4919,38 +4930,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -4959,25 +4970,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031049999999999994 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 6.5, "exploitabilityScore": 2.9, @@ -4988,17 +4999,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -5006,7 +5017,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5014,21 +5025,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5042,14 +5053,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5059,20 +5081,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5080,77 +5102,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5158,18 +5150,18 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5184,24 +5176,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -5215,29 +5204,29 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -5253,77 +5242,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5331,17 +5290,17 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -5349,7 +5308,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5357,24 +5316,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -5388,48 +5344,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5437,16 +5382,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5470,31 +5415,44 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5502,16 +5460,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5534,7 +5492,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5576,20 +5534,20 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5597,16 +5555,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5630,48 +5588,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5694,7 +5665,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5747,20 +5718,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4111", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5768,18 +5739,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5787,58 +5758,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.028104999999999998 + "risk": 0.028499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/security/cve/CVE-2026-4111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", + "https://github.com/libarchive/libarchive/pull/2877" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5853,21 +5814,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2026-4111", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5881,37 +5842,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5919,75 +5880,81 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.028104999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5996,7 +5963,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6005,19 +5972,22 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -6035,22 +6005,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -6060,134 +6019,210 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.11.1" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "09a7526d23e50ddd", - "name": "fluent-bit", - "version": "25.11.1", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8eaec8a5fccb48364c57ce2250982e581b5252c3aa5b9d8fa6e5743a7c5aac14", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.11.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -6195,47 +6230,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.027804999999999996 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6250,21 +6296,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6278,55 +6324,2197 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.11.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "09a7526d23e50ddd", + "name": "fluent-bit", + "version": "25.11.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8eaec8a5fccb48364c57ce2250982e581b5252c3aa5b9d8fa6e5743a7c5aac14", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.11.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027590000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "0:2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.8.3-10.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" + } + ], + "risk": 0.023175 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" + ], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-10.el9_7" + } + } + ], + "artifact": { + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -6335,48 +8523,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.023114999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -6392,21 +8578,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2026-0988", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -6420,13 +8606,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6437,20 +8623,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6458,10 +8644,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6469,42 +8663,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6519,21 +8731,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -6547,23 +8759,17 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -6575,20 +8781,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6596,10 +8802,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6607,42 +8821,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6657,21 +8889,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -6685,23 +8917,17 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -6713,77 +8939,63 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -6796,18 +9008,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6822,24 +9034,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -6853,13 +9062,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6870,77 +9079,63 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -6953,18 +9148,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6979,24 +9174,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7010,23 +9202,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" } ], "metadataType": "RpmMetadata", @@ -7038,73 +9230,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -7121,18 +9316,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7147,24 +9342,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7178,27 +9373,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -7210,73 +9401,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -7293,18 +9487,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7319,24 +9513,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7350,27 +9544,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -7382,20 +9572,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7403,64 +9593,76 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-7.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02314 + "risk": 0.017945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7468,17 +9670,17 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7486,7 +9688,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7494,24 +9696,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -7525,120 +9727,128 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.02314 + "advisories": [], + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7646,7 +9856,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7654,24 +9864,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7685,135 +9892,145 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 + "risk": 0.01643 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7821,21 +10038,24 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7849,122 +10069,138 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02125 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7979,21 +10215,24 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -8007,42 +10246,48 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8050,18 +10295,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -8069,47 +10314,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -8124,21 +10369,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -8152,13 +10397,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8169,39 +10414,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -8209,54 +10454,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8264,21 +10523,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8295,22 +10554,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8320,88 +10568,132 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019055 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8416,21 +10708,24 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8444,13 +10739,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8461,104 +10756,93 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -8573,24 +10857,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -8604,23 +10885,23 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -8632,111 +10913,108 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8744,24 +11022,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8775,25 +11050,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8803,114 +11067,99 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.017945 + "advisories": [], + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8919,7 +11168,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8927,24 +11176,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2025-5917", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8958,25 +11204,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8986,38 +11221,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -9026,60 +11267,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01728 + "risk": 0.01239 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -9095,21 +11329,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -9123,13 +11357,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9140,20 +11374,20 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9161,17 +11395,17 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9180,46 +11414,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014739999999999998 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9235,21 +11474,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9263,55 +11502,55 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "secalert@redhat.com", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9320,60 +11559,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01449 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "secalert@redhat.com", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9381,7 +11611,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9389,21 +11619,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9417,147 +11647,137 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.013770000000000001 + "advisories": [], + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -9574,24 +11794,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -9605,13 +11822,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9622,39 +11839,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -9662,53 +11879,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -9723,21 +11935,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -9751,23 +11963,23 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "systemd", + "version": "252-51.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -9779,37 +11991,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9819,59 +12031,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9888,21 +12087,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -9916,13 +12115,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9933,20 +12132,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9954,79 +12153,79 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.012759999999999999 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10042,21 +12241,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10070,13 +12272,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10087,99 +12289,100 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0118 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10187,7 +12390,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10195,21 +12398,24 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, - "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10223,14 +12429,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10240,93 +12457,79 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.34-231.el9_7.10" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "risk": 0.011660000000000002 + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -10337,23 +12540,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10361,7 +12558,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10369,24 +12566,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10400,110 +12597,111 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.34-231.el9_7.10" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "risk": 0.011660000000000002 + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -10514,23 +12712,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10546,24 +12738,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10577,73 +12769,71 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-70873", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-70873", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, + "baseScore": 3.3, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10651,72 +12841,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.009134999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-70873", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054", + "https://sqlite.org/forum/forumpost/761eac3c82", + "https://sqlite.org/src/info/3d459f1fb1bd1b5e" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10724,21 +12897,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-70873", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -10752,14 +12925,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10769,20 +12953,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10790,17 +12974,17 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -10809,46 +12993,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01008 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10856,7 +13042,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10864,21 +13050,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -10895,11 +13081,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10909,100 +13106,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 6.5, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11010,7 +13195,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11018,24 +13203,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3784", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11049,14 +13231,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11066,100 +13259,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11175,24 +13356,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11206,23 +13384,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -11234,100 +13412,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11343,24 +13509,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11374,27 +13537,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -11406,100 +13565,99 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} } - ], - "epss": [ - { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] - }, - "advisories": [ + ], + "epss": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], - "risk": 0.009785 + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007425 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -11507,7 +13665,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11515,24 +13673,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11546,29 +13701,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11601,8 +13741,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11667,8 +13807,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11762,8 +13902,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11828,8 +13968,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11934,8 +14074,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12004,8 +14144,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12105,8 +14245,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12175,8 +14315,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12264,39 +14404,198 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007125000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + ], + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-30258", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -12304,67 +14603,74 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12372,21 +14678,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -12400,14 +14706,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12417,38 +14734,44 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -12457,51 +14780,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006899999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -12517,21 +14857,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -12545,37 +14885,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12583,18 +14923,18 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -12602,59 +14942,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12662,21 +14997,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -12690,148 +15025,135 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 4.7, + "baseScore": 5.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00693 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12839,21 +15161,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -12867,25 +15189,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "BSD" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12895,20 +15206,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12916,18 +15227,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -12935,41 +15246,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006875 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12977,18 +15275,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -13009,7 +15307,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -13048,87 +15346,105 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -13143,21 +15459,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13171,127 +15490,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.006695 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -13299,7 +15612,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13307,21 +15620,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13335,37 +15651,48 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13373,18 +15700,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -13392,47 +15719,36 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" - ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -13447,21 +15763,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13475,120 +15791,91 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -13605,24 +15892,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "0:3.0.7-6.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "ead6ec3a96c03e8e", + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5", "type": "rpm", "locations": [ { @@ -13639,117 +15923,98 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-6.el9_5?arch=x86_64&distro=rhel-9.6&upstream=openssl-fips-provider-3.0.7-6.el9_5.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -13766,24 +16031,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "7acafa332217c3b4", + "name": "openssl-fips-provider-so", + "version": "3.0.7-6.el9_5", "type": "rpm", "locations": [ { @@ -13800,69 +16062,71 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-6.el9_5?arch=x86_64&distro=rhel-9.6&upstream=openssl-fips-provider-3.0.7-6.el9_5.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } - ], - "cwes": [ - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, + ], + "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -13871,68 +16135,35 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" - ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -13940,7 +16171,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13948,21 +16179,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13976,17 +16207,28 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -14016,8 +16258,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ @@ -14104,8 +16346,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ @@ -14134,18 +16376,187 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00009, + "percentile": 0.0076, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.00504 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + ], + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00009, + "percentile": 0.0076, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -14159,13 +16570,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14176,112 +16587,107 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00009, - "percentile": 0.00768, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.9.13-14.el9_7" + "0:3.8.3-10.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" } ], - "risk": 0.00504 + "risk": 0.004899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00009, - "percentile": 0.00768, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14297,24 +16703,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "suggestedVersion": "0:3.8.3-10.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -14328,13 +16734,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14368,8 +16774,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14431,8 +16837,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14526,8 +16932,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14589,8 +16995,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14695,8 +17101,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14758,8 +17164,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14868,8 +17274,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14931,8 +17337,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -15041,8 +17447,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -15101,8 +17507,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -15168,151 +17574,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00385 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -15338,8 +17599,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15387,8 +17648,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15490,8 +17751,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15539,8 +17800,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15642,8 +17903,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15712,8 +17973,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15812,8 +18073,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15882,8 +18143,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15982,8 +18243,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16052,8 +18313,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16152,8 +18413,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16222,8 +18483,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16322,8 +18583,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16385,8 +18646,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16480,8 +18741,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16543,8 +18804,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16649,8 +18910,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -16697,8 +18958,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -16789,8 +19050,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16850,8 +19111,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16942,8 +19203,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -17005,8 +19266,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -17097,8 +19358,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17163,8 +19424,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17258,8 +19519,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17324,8 +19585,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17412,7 +19673,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -17509,7 +19770,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -18005,107 +20266,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/agent/grype-25.11.1.md b/docs/security/agent/grype-25.11.1.md index 6f272e8..2b380fd 100644 --- a/docs/security/agent/grype-25.11.1.md +++ b/docs/security/agent/grype-25.11.1.md @@ -8,6 +8,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| libarchive | 3.5.3-6.el9_6 | [CVE-2026-4111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -16,22 +17,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | fluent-bit | 25.11.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.11.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | @@ -72,7 +82,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | @@ -82,6 +91,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -91,25 +101,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-70873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-70873) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider | 3.0.7-6.el9_5 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider-so | 3.0.7-6.el9_5 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | diff --git a/docs/security/agent/grype-25.11.2.json b/docs/security/agent/grype-25.11.2.json index 3ae0fe1..2167346 100644 --- a/docs/security/agent/grype-25.11.2.json +++ b/docs/security/agent/grype-25.11.2.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88933, - "date": "2026-03-09" + "percentile": 0.88983, + "date": "2026-03-16" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88933, - "date": "2026-03-09" + "percentile": 0.88983, + "date": "2026-03-16" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -257,8 +257,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -352,8 +352,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -420,8 +420,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -526,8 +526,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -605,8 +605,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -709,8 +709,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -754,8 +754,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -849,8 +849,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -894,8 +894,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -989,8 +989,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1055,8 +1055,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1158,8 +1158,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1224,8 +1224,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1327,8 +1327,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1383,8 +1383,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1475,8 +1475,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1548,8 +1548,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1651,8 +1651,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1724,8 +1724,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1876,8 +1876,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1968,8 +1968,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -2017,8 +2017,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -2120,8 +2120,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2180,8 +2180,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2272,8 +2272,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2321,8 +2321,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2413,8 +2413,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2479,8 +2479,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2574,8 +2574,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2640,8 +2640,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2746,8 +2746,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2813,8 +2813,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2911,8 +2911,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2986,8 +2986,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -3084,8 +3084,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3180,8 +3180,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3284,8 +3284,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00072, - "percentile": 0.21792, - "date": "2026-03-09" + "percentile": 0.21759, + "date": "2026-03-16" } ], "cwes": [ @@ -3361,8 +3361,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00072, - "percentile": 0.21792, - "date": "2026-03-09" + "percentile": 0.21759, + "date": "2026-03-16" } ], "cwes": [ @@ -3467,8 +3467,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3521,8 +3521,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3619,8 +3619,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3667,8 +3667,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3759,8 +3759,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3825,8 +3825,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3920,8 +3920,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3986,8 +3986,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -4095,8 +4095,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ @@ -4187,8 +4187,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4253,8 +4253,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4348,8 +4348,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4414,8 +4414,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4520,8 +4520,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4570,8 +4570,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4662,8 +4662,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4710,8 +4710,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4779,39 +4779,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4819,28 +4819,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4848,25 +4848,25 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4874,21 +4874,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -4905,11 +4905,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4919,38 +4930,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -4959,25 +4970,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031049999999999994 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 6.5, "exploitabilityScore": 2.9, @@ -4988,17 +4999,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -5006,7 +5017,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5014,21 +5025,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5042,14 +5053,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5059,20 +5081,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5080,77 +5102,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5158,18 +5150,18 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5184,24 +5176,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -5215,29 +5204,29 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -5253,77 +5242,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5331,17 +5290,17 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -5349,7 +5308,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5357,24 +5316,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -5388,48 +5344,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5437,16 +5382,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5470,31 +5415,44 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5502,16 +5460,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5534,7 +5492,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5576,20 +5534,20 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5597,16 +5555,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5630,48 +5588,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5694,7 +5665,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5747,20 +5718,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4111", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5768,18 +5739,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5787,58 +5758,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.028104999999999998 + "risk": 0.028499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/security/cve/CVE-2026-4111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", + "https://github.com/libarchive/libarchive/pull/2877" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5853,21 +5814,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2026-4111", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5881,37 +5842,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5919,75 +5880,81 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.028104999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5996,7 +5963,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6005,19 +5972,22 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -6035,22 +6005,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -6060,134 +6019,210 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.11.2" - } + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b08e28436378359a", - "name": "fluent-bit", - "version": "25.11.2", - "type": "binary", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:1905aba2a3f42f00fcdb212dcd1a70c4be7adf456177ee0915bcd13c695f7913", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.11.2", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -6195,47 +6230,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.027804999999999996 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6250,21 +6296,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6278,55 +6324,2197 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.11.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "b08e28436378359a", + "name": "fluent-bit", + "version": "25.11.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:1905aba2a3f42f00fcdb212dcd1a70c4be7adf456177ee0915bcd13c695f7913", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.11.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027590000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "0:2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.8.3-10.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" + } + ], + "risk": 0.023175 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" + ], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-10.el9_7" + } + } + ], + "artifact": { + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -6335,48 +8523,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.023114999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -6392,21 +8578,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2026-0988", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -6420,13 +8606,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6437,20 +8623,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6458,10 +8644,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6469,42 +8663,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6519,21 +8731,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -6547,23 +8759,17 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -6575,20 +8781,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6596,10 +8802,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6607,42 +8821,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6657,21 +8889,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -6685,23 +8917,17 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -6713,77 +8939,63 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -6796,18 +9008,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6822,24 +9034,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -6853,13 +9062,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6870,77 +9079,63 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -6953,18 +9148,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6979,24 +9174,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7010,23 +9202,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" } ], "metadataType": "RpmMetadata", @@ -7038,73 +9230,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -7121,18 +9316,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7147,24 +9342,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7178,27 +9373,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -7210,73 +9401,76 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.023585000000000002 + "risk": 0.018025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -7293,18 +9487,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7319,24 +9513,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7350,27 +9544,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -7382,20 +9572,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7403,64 +9593,76 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-7.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02314 + "risk": 0.017945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7468,17 +9670,17 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7486,7 +9688,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7494,24 +9696,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -7525,120 +9727,128 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.02314 + "advisories": [], + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7646,7 +9856,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7654,24 +9864,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7685,135 +9892,145 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 + "risk": 0.01643 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7821,21 +10038,24 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7849,122 +10069,138 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02125 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7979,21 +10215,24 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -8007,42 +10246,48 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8050,18 +10295,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -8069,47 +10314,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -8124,21 +10369,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -8152,13 +10397,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8169,39 +10414,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -8209,54 +10454,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8264,21 +10523,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8295,22 +10554,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8320,88 +10568,132 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019055 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8416,21 +10708,24 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8444,13 +10739,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8461,104 +10756,93 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -8573,24 +10857,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -8604,23 +10885,23 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -8632,111 +10913,108 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8744,24 +11022,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8775,25 +11050,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8803,114 +11067,99 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.017945 + "advisories": [], + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8919,7 +11168,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8927,24 +11176,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2025-5917", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8958,25 +11204,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8986,38 +11221,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -9026,60 +11267,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01728 + "risk": 0.01239 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -9095,21 +11329,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -9123,13 +11357,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9140,20 +11374,20 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9161,17 +11395,17 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9180,46 +11414,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014739999999999998 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9235,21 +11474,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9263,55 +11502,55 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "secalert@redhat.com", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9320,60 +11559,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01449 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "secalert@redhat.com", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9381,7 +11611,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9389,21 +11619,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9417,147 +11647,137 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.013770000000000001 + "advisories": [], + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -9574,24 +11794,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -9605,13 +11822,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9622,39 +11839,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -9662,53 +11879,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -9723,21 +11935,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -9751,23 +11963,23 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "systemd", + "version": "252-51.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -9779,37 +11991,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9819,59 +12031,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9888,21 +12087,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -9916,13 +12115,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9933,20 +12132,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9954,79 +12153,79 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.012759999999999999 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10042,21 +12241,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10070,13 +12272,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10087,99 +12289,100 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0118 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10187,7 +12390,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10195,21 +12398,24 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, - "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10223,14 +12429,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10240,93 +12457,79 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.34-231.el9_7.10" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "risk": 0.011660000000000002 + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -10337,23 +12540,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10361,7 +12558,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10369,24 +12566,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10400,110 +12597,111 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:2.34-231.el9_7.10" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "risk": 0.011660000000000002 + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -10514,23 +12712,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -10546,24 +12738,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -10577,73 +12769,71 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-70873", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-70873", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, + "baseScore": 3.3, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10651,72 +12841,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.009134999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-70873", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054", + "https://sqlite.org/forum/forumpost/761eac3c82", + "https://sqlite.org/src/info/3d459f1fb1bd1b5e" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10724,21 +12897,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-70873", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -10752,14 +12925,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10769,20 +12953,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10790,17 +12974,17 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -10809,46 +12993,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01008 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10856,7 +13042,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10864,21 +13050,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -10895,11 +13081,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10909,100 +13106,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 6.5, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11010,7 +13195,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11018,24 +13203,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3784", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11049,14 +13231,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11066,100 +13259,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11175,24 +13356,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11206,23 +13384,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -11234,100 +13412,88 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.009785 + "advisories": [], + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11343,24 +13509,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11374,27 +13537,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -11406,100 +13565,99 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} } - ], - "epss": [ - { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] - }, - "advisories": [ + ], + "epss": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], - "risk": 0.009785 + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007425 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -11507,7 +13665,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11515,24 +13673,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11546,29 +13701,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11601,8 +13741,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11667,8 +13807,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11762,8 +13902,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11828,8 +13968,8 @@ { "cve": "CVE-2026-22795", "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ @@ -11934,8 +14074,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12004,8 +14144,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12105,8 +14245,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12175,8 +14315,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -12264,39 +14404,198 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007125000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + ], + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-30258", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -12304,67 +14603,74 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12372,21 +14678,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -12400,14 +14706,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12417,38 +14734,44 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -12457,51 +14780,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006899999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -12517,21 +14857,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -12545,37 +14885,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12583,18 +14923,18 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -12602,59 +14942,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12662,21 +14997,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -12690,148 +15025,135 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 4.7, + "baseScore": 5.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00693 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12839,21 +15161,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -12867,25 +15189,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "BSD" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12895,20 +15206,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12916,18 +15227,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -12935,41 +15246,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006875 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12977,18 +15275,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -13009,7 +15307,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -13048,87 +15346,105 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -13143,21 +15459,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13171,127 +15490,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.006695 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -13299,7 +15612,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13307,21 +15620,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13335,37 +15651,48 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13373,18 +15700,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -13392,47 +15719,36 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" - ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -13447,21 +15763,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13475,120 +15791,91 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -13605,24 +15892,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "0:3.0.7-6.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "ead6ec3a96c03e8e", + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5", "type": "rpm", "locations": [ { @@ -13639,117 +15923,98 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-6.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-6.el9_5?arch=x86_64&distro=rhel-9.6&upstream=openssl-fips-provider-3.0.7-6.el9_5.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -13766,24 +16031,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "7acafa332217c3b4", + "name": "openssl-fips-provider-so", + "version": "3.0.7-6.el9_5", "type": "rpm", "locations": [ { @@ -13800,69 +16062,71 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-6.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-6.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-6.el9_5?arch=x86_64&distro=rhel-9.6&upstream=openssl-fips-provider-3.0.7-6.el9_5.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openssl-fips-provider", + "version": "3.0.7-6.el9_5" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } - ], - "cwes": [ - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, + ], + "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -13871,68 +16135,35 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" - ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -13940,7 +16171,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13948,21 +16179,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -13976,17 +16207,28 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -14016,8 +16258,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ @@ -14104,8 +16346,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ @@ -14134,18 +16376,187 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00009, + "percentile": 0.0076, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.00504 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + ], + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00009, + "percentile": 0.0076, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -14159,13 +16570,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14176,112 +16587,107 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00009, - "percentile": 0.00768, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.9.13-14.el9_7" + "0:3.8.3-10.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" } ], - "risk": 0.00504 + "risk": 0.004899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00009, - "percentile": 0.00768, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14297,24 +16703,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "suggestedVersion": "0:3.8.3-10.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -14328,13 +16734,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14368,8 +16774,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14431,8 +16837,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14526,8 +16932,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14589,8 +16995,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14695,8 +17101,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14758,8 +17164,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14868,8 +17274,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14931,8 +17337,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -15041,8 +17447,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -15101,8 +17507,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -15168,151 +17574,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00385 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -15338,8 +17599,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15387,8 +17648,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15490,8 +17751,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15539,8 +17800,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -15642,8 +17903,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15712,8 +17973,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15812,8 +18073,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15882,8 +18143,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15982,8 +18243,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16052,8 +18313,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16152,8 +18413,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16222,8 +18483,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16322,8 +18583,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16385,8 +18646,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16480,8 +18741,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16543,8 +18804,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16649,8 +18910,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -16697,8 +18958,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -16789,8 +19050,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16850,8 +19111,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16942,8 +19203,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -17005,8 +19266,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -17097,8 +19358,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17163,8 +19424,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17258,8 +19519,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17324,8 +19585,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17412,7 +19673,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -17509,7 +19770,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -18005,107 +20266,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/agent/grype-25.11.2.md b/docs/security/agent/grype-25.11.2.md index 2851c30..711ed15 100644 --- a/docs/security/agent/grype-25.11.2.md +++ b/docs/security/agent/grype-25.11.2.md @@ -8,6 +8,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| libarchive | 3.5.3-6.el9_6 | [CVE-2026-4111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -16,22 +17,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | fluent-bit | 25.11.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.11.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | @@ -72,7 +82,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | @@ -82,6 +91,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -91,25 +101,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-70873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-70873) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider | 3.0.7-6.el9_5 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider-so | 3.0.7-6.el9_5 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | diff --git a/docs/security/agent/grype-25.12.1.json b/docs/security/agent/grype-25.12.1.json index 9ea2b96..27a97ab 100644 --- a/docs/security/agent/grype-25.12.1.json +++ b/docs/security/agent/grype-25.12.1.json @@ -25,8 +25,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -93,8 +93,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -188,8 +188,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -256,8 +256,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -362,8 +362,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -441,8 +441,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -545,8 +545,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -590,8 +590,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -685,8 +685,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -730,8 +730,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -825,8 +825,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -891,8 +891,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -994,8 +994,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1060,8 +1060,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1163,8 +1163,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1219,8 +1219,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1311,8 +1311,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1384,8 +1384,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1487,8 +1487,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1560,8 +1560,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1663,8 +1663,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1712,8 +1712,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1804,8 +1804,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1853,8 +1853,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1956,8 +1956,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2016,8 +2016,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2108,8 +2108,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2157,8 +2157,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2249,8 +2249,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2315,8 +2315,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2410,8 +2410,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2476,8 +2476,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2582,8 +2582,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2649,8 +2649,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2747,8 +2747,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2822,8 +2822,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2920,8 +2920,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3016,8 +3016,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3120,8 +3120,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3174,8 +3174,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3272,8 +3272,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3320,8 +3320,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3412,8 +3412,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3478,8 +3478,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3573,8 +3573,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3639,8 +3639,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3748,8 +3748,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ @@ -3840,8 +3840,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -3906,8 +3906,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4001,8 +4001,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4067,8 +4067,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4173,8 +4173,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4223,8 +4223,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4315,8 +4315,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4363,8 +4363,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4432,39 +4432,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4472,28 +4472,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4501,25 +4501,25 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4527,21 +4527,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4558,11 +4558,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4572,38 +4583,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -4612,25 +4623,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031049999999999994 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 6.5, "exploitabilityScore": 2.9, @@ -4641,17 +4652,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4659,7 +4670,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4667,21 +4678,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4695,14 +4706,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4712,20 +4734,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4733,77 +4755,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4811,18 +4803,18 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4837,24 +4829,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -4868,29 +4857,29 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -4906,77 +4895,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4984,17 +4943,17 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -5002,7 +4961,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5010,24 +4969,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -5041,48 +4997,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5090,16 +5035,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5123,31 +5068,44 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5155,16 +5113,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5187,7 +5145,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5229,20 +5187,20 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5250,16 +5208,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5283,48 +5241,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5347,7 +5318,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5400,20 +5371,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4111", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5421,18 +5392,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5440,58 +5411,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.028104999999999998 + "risk": 0.028499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/security/cve/CVE-2026-4111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", + "https://github.com/libarchive/libarchive/pull/2877" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5506,21 +5467,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2026-4111", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5534,37 +5495,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5572,75 +5533,81 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.028104999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5649,7 +5616,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5658,19 +5625,22 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -5688,22 +5658,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5713,134 +5672,210 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.12.1" - } + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "da8fb8ec75f41cac", - "name": "fluent-bit", - "version": "25.12.1", - "type": "binary", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:459526885e59156ca8f5587a59e78d87e0a6c365cd29c17b7eb4e8d3c5d85017", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5848,47 +5883,3286 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.027804999999999996 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "da8fb8ec75f41cac", + "name": "fluent-bit", + "version": "25.12.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:459526885e59156ca8f5587a59e78d87e0a6c365cd29c17b7eb4e8d3c5d85017", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027590000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "3761cee678a57b02", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "cb11b32d6ce6627c", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.8.3-10.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" + } + ], + "risk": 0.023175 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" + ], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-10.el9_7" + } + } + ], + "artifact": { + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023114999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019090000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" + ], + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "pcre2", + "version": "0:10.40-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019090000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" + ], + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "pcre2", + "version": "10.40-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.018025 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" + } + } + ], + "artifact": { + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.018025 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.017945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -5903,21 +9177,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "systemd", + "version": "0:252-55.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "e8cfdbaead821b00", + "name": "systemd", + "version": "252-55.el9_7.2", "type": "rpm", "locations": [ { @@ -5931,13 +9208,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and MIT and GPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd:252-55.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/systemd@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5948,20 +9225,20 @@ }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5969,49 +9246,76 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.026255000000000007 + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.017945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6019,25 +9323,25 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6045,21 +9349,24 @@ "version": "9.7" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "systemd", + "version": "252-55.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "3761cee678a57b02", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "c4152df82a1db41b", + "name": "systemd-libs", + "version": "252-55.el9_7.2", "type": "rpm", "locations": [ { @@ -6073,14 +9380,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6090,20 +9408,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6111,42 +9429,76 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024225 + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.017945 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6154,10 +9506,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6172,21 +9532,24 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "systemd", + "version": "252-55.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "cb11b32d6ce6627c", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "ead60bdbac583ffe", + "name": "systemd-pam", + "version": "252-55.el9_7.2", "type": "rpm", "locations": [ { @@ -6200,23 +9563,23 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and MIT and GPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-pam:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-pam:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_pam:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_pam:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "purl": "pkg:rpm/redhat/systemd-pam@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "systemd", + "version": "252-55.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -6228,20 +9591,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6249,42 +9612,76 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024225 + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.017945 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6292,10 +9689,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2025-4598", + "epss": 0.00037, + "percentile": 0.10731, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6310,21 +9715,24 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "systemd", + "version": "252-55.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "7126adbff2843171", + "name": "systemd-rpm-macros", + "version": "252-55.el9_7.2", "type": "rpm", "locations": [ { @@ -6338,23 +9746,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and MIT and GPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-rpm-macros:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm-macros:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm_macros:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm_macros:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "purl": "pkg:rpm/redhat/systemd-rpm-macros@252-55.el9_7.2?arch=noarch&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "systemd", + "version": "252-55.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -6366,100 +9778,100 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" } ], - "risk": 0.023585000000000002 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6475,24 +9887,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6506,13 +9915,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6523,100 +9932,86 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6624,7 +10019,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6632,24 +10027,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -6663,25 +10055,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6691,100 +10072,100 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6792,7 +10173,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6800,24 +10181,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-5918", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6831,29 +10209,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6863,104 +10226,132 @@ }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "1:3.5.1-7.el9_7" + "0:2.3.3-5.el9_7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" } ], - "risk": 0.02314 + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6975,24 +10366,24 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7006,120 +10397,109 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } - ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ + ], + "cwes": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], - "risk": 0.02314 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7135,24 +10515,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -7166,67 +10543,67 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7234,67 +10611,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7302,21 +10680,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7330,19 +10708,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "BSD" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7352,39 +10725,39 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7392,67 +10765,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5, + "exploitabilityScore": 1.4, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7460,21 +10834,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7488,19 +10862,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "BSD" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7510,39 +10879,45 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -7550,47 +10925,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01239 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } @@ -7605,21 +10987,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -7633,13 +11015,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7650,20 +11032,20 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7671,18 +11053,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -7690,28 +11072,33 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7719,25 +11106,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7745,21 +11132,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -7773,48 +11160,37 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7822,17 +11198,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -7841,47 +11217,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -7889,7 +11269,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7897,21 +11277,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -7925,118 +11305,136 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -8046,7 +11444,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8054,24 +11452,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -8085,25 +11480,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8113,103 +11497,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -8217,7 +11585,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8225,24 +11593,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "systemd", + "version": "0:252-55.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2026-4105", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "e8cfdbaead821b00", + "name": "systemd", + "version": "252-55.el9_7.2", "type": "rpm", "locations": [ { @@ -8256,25 +11621,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and MIT and GPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:systemd:systemd:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd:252-55.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/systemd@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8284,123 +11638,95 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.017945 + "advisories": [], + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8409,22 +11735,19 @@ }, "package": { "name": "systemd", - "version": "0:252-55.el9_7.2" + "version": "252-55.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-4105", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e8cfdbaead821b00", - "name": "systemd", + "id": "c4152df82a1db41b", + "name": "systemd-libs", "version": "252-55.el9_7.2", "type": "rpm", "locations": [ @@ -8439,14 +11762,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT and GPLv2+" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:systemd:systemd:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd:252-55.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/systemd@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8456,116 +11790,88 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.017945 + "advisories": [], + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -8586,17 +11892,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-4105", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c4152df82a1db41b", - "name": "systemd-libs", + "id": "ead60bdbac583ffe", + "name": "systemd-pam", "version": "252-55.el9_7.2", "type": "rpm", "locations": [ @@ -8611,19 +11914,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "LGPLv2+ and MIT and GPLv2+" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-pam:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-pam:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_pam:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_pam:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/systemd-pam@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", "upstreams": [ { "name": "systemd", @@ -8639,116 +11942,88 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.017945 + "advisories": [], + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -8769,17 +12044,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-4105", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "ead60bdbac583ffe", - "name": "systemd-pam", + "id": "7126adbff2843171", + "name": "systemd-rpm-macros", "version": "252-55.el9_7.2", "type": "rpm", "locations": [ @@ -8797,16 +12069,20 @@ "LGPLv2+ and MIT and GPLv2+" ], "cpes": [ - "cpe:2.3:a:systemd-pam:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-pam:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_pam:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_pam:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-rpm-macros:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm-macros:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm_macros:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm_macros:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/systemd-pam@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/systemd-rpm-macros@252-55.el9_7.2?arch=noarch&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", "upstreams": [ { "name": "systemd", @@ -8822,20 +12098,20 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -8843,76 +12119,48 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.017945 + "advisories": [], + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -8920,16 +12168,16 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00037, - "percentile": 0.10702, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8938,7 +12186,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8946,24 +12194,21 @@ "version": "9.7" }, "package": { - "name": "systemd", - "version": "252-55.el9_7.2" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-1757", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7126adbff2843171", - "name": "systemd-rpm-macros", - "version": "252-55.el9_7.2", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -8977,29 +12222,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT and GPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:systemd-rpm-macros:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-rpm-macros:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_rpm_macros:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_rpm_macros:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-rpm:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-rpm:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_rpm:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_rpm:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-rpm-macros@252-55.el9_7.2?arch=noarch&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-55.el9_7.2" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9009,100 +12239,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01728 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9118,21 +12348,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -9146,13 +12379,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9163,20 +12396,20 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9184,65 +12417,79 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014739999999999998 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9250,7 +12497,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9258,21 +12505,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -9286,14 +12536,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9303,100 +12564,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01449 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9404,7 +12665,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9412,21 +12673,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -9440,14 +12704,29 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9457,139 +12736,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-70873", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-70873", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.013770000000000001 + "advisories": [], + "risk": 0.009134999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-70873", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054", + "https://sqlite.org/forum/forumpost/761eac3c82", + "https://sqlite.org/src/info/3d459f1fb1bd1b5e" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9597,24 +12832,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-70873", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -9628,14 +12860,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9645,38 +12888,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9685,34 +12928,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 3.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -9720,17 +12959,17 @@ ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9746,21 +12985,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9774,23 +13013,23 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -9802,38 +13041,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9842,42 +13081,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 6.5, + "exploitabilityScore": 3.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -9885,17 +13112,17 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9903,7 +13130,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9911,21 +13138,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9939,14 +13166,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9956,38 +13194,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9996,42 +13234,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012759999999999999 + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10039,17 +13265,17 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10057,7 +13283,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10065,21 +13291,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2026-3783", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -10093,14 +13319,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10110,44 +13347,38 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -10156,53 +13387,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0118 + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10210,7 +13436,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10218,21 +13444,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2026-3783", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -10246,14 +13472,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10263,45 +13500,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10309,29 +13540,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.007425 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -10339,35 +13571,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10382,21 +13608,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -10410,13 +13636,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10427,12 +13653,12 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-32776", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-32776", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", @@ -10448,18 +13674,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-32776", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2026-32776", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { @@ -10467,47 +13693,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01008 + "risk": 0.007279999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-32776", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-32776", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/libexpat/libexpat/pull/1158", + "https://github.com/libexpat/libexpat/pull/1159" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-32776", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2026-32776", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ] } @@ -10522,21 +13748,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", + "vulnerabilityID": "CVE-2026-32776", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -10553,10 +13779,10 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10567,82 +13793,86 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10650,17 +13880,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10676,24 +13906,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10707,99 +13937,103 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10807,17 +14041,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10833,24 +14067,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10864,128 +14098,142 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10993,7 +14241,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11001,24 +14249,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], - "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11032,69 +14280,60 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -11118,49 +14357,53 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0072250000000000005 + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -11169,7 +14412,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11178,12 +14421,12 @@ }, "package": { "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", + "vulnerabilityID": "CVE-2025-11187", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -11192,8 +14435,8 @@ } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", + "id": "9620df42e45abf0c", + "name": "openssl-libs", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -11211,11 +14454,22 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -11225,104 +14479,99 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", + "cve": "CVE-2025-30258", "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0072250000000000005 + "advisories": [], + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", + "cve": "CVE-2025-30258", "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11330,7 +14579,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11338,24 +14587,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-30258", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -11369,150 +14615,137 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.007214999999999999 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11520,24 +14753,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -11551,131 +14781,142 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" }, { - "cve": "CVE-2025-11187", + "cve": "CVE-2022-3219", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.007214999999999999 + "advisories": [], + "risk": 0.006899999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" }, { - "cve": "CVE-2025-11187", + "cve": "CVE-2022-3219", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11683,7 +14924,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11691,24 +14932,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -11722,48 +14960,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11771,18 +14998,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -11790,41 +15017,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11832,18 +15046,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -11858,21 +15072,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -11886,13 +15100,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11903,91 +15117,110 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -12003,21 +15236,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -12031,56 +15264,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-32778", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-32778", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in libexpat. This vulnerability allows an attacker to trigger a NULL pointer dereference in the `setContext` function. This occurs when the system attempts to retry an operation after an out-of-memory condition, which can lead to a Denial of Service (DoS) for the affected application.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.1, + "exploitabilityScore": 1.5, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-32778", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-32778", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { @@ -12088,59 +15321,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006565 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-32778", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-32778", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://github.com/libexpat/libexpat/pull/1159", + "https://github.com/libexpat/libexpat/pull/1163" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-32778", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-32778", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12148,21 +15376,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-32778", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -12176,72 +15404,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ], @@ -12250,66 +15461,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ] @@ -12317,7 +15508,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12325,21 +15516,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd197aae1b6fd3b", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -12353,25 +15544,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -12381,99 +15561,104 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.006875 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" - ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -12489,21 +15674,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12517,111 +15705,129 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12629,21 +15835,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12657,127 +15866,103 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.006695 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" - ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} - } + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0060999999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "namespace": "nvd:cpe", + "severity": "Unknown", + "urls": [ + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -12793,21 +15978,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12821,37 +16006,37 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12859,18 +16044,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -12878,47 +16063,36 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" - ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -12933,21 +16107,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl-fips-provider", + "version": "0:3.0.7-8.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "4f0f0ad93452efa2", + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9", "type": "rpm", "locations": [ { @@ -12961,13 +16135,23 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12978,103 +16162,74 @@ }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -13083,7 +16238,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13091,24 +16246,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "039e508ce9d5da38", + "name": "openssl-fips-provider-so", + "version": "3.0.7-8.el9", "type": "rpm", "locations": [ { @@ -13122,120 +16274,110 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", + "upstreams": [ + { + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -13258,11 +16400,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], @@ -13311,45 +16450,39 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-32777", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-32777", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted Document Type Definition (DTD) content. This could lead to an infinite loop during parsing, resulting in a Denial of Service (DoS) for the application using libexpat.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2026-32777", "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "percentile": 0.01861, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-32777", + "cwe": "CWE-835", + "source": "cve@mitre.org", "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { @@ -13357,68 +16490,228 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.00585 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-32777", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-32777", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libexpat/libexpat/issues/1161", + "https://github.com/libexpat/libexpat/pull/1159", + "https://github.com/libexpat/libexpat/pull/1162", + "https://issues.oss-fuzz.com/issues/486993411" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "libexpat before 2.7.5 allows an infinite loop while parsing DTD content.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-32777", + "epss": 0.00013, + "percentile": 0.01861, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-32777", + "cwe": "CWE-835", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-32777", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00008, + "percentile": 0.00733, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.00508 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + "https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/errata/RHSA-2026:2064", + "https://access.redhat.com/errata/RHSA-2026:2072", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", + "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2025-13601", + "epss": 0.00008, + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -13434,21 +16727,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -13462,13 +16758,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13479,125 +16775,106 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.68.4-18.el9_7.1" + "0:3.8.3-10.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" } ], - "risk": 0.00508 + "risk": 0.004899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/errata/RHSA-2026:1323", - "https://access.redhat.com/errata/RHSA-2026:1324", - "https://access.redhat.com/errata/RHSA-2026:1326", - "https://access.redhat.com/errata/RHSA-2026:1327", - "https://access.redhat.com/errata/RHSA-2026:1465", - "https://access.redhat.com/errata/RHSA-2026:1608", - "https://access.redhat.com/errata/RHSA-2026:1624", - "https://access.redhat.com/errata/RHSA-2026:1625", - "https://access.redhat.com/errata/RHSA-2026:1626", - "https://access.redhat.com/errata/RHSA-2026:1627", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/errata/RHSA-2026:1736", - "https://access.redhat.com/errata/RHSA-2026:2064", - "https://access.redhat.com/errata/RHSA-2026:2072", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2633", - "https://access.redhat.com/errata/RHSA-2026:2659", - "https://access.redhat.com/errata/RHSA-2026:2671", - "https://access.redhat.com/errata/RHSA-2026:2974", - "https://access.redhat.com/errata/RHSA-2026:3415", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -13614,24 +16891,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:3.8.3-10.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -13645,13 +16922,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13685,8 +16962,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03626, - "date": "2026-03-09" + "percentile": 0.03605, + "date": "2026-03-16" } ], "cwes": [ @@ -13745,8 +17022,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03626, - "date": "2026-03-09" + "percentile": 0.03605, + "date": "2026-03-16" } ], "cwes": [ @@ -13837,8 +17114,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13900,8 +17177,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13995,8 +17272,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14058,8 +17335,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14164,8 +17441,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14227,8 +17504,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -14337,8 +17614,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -14397,8 +17674,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -14464,151 +17741,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00385 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -14634,8 +17766,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14683,8 +17815,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14786,8 +17918,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14835,8 +17967,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14938,8 +18070,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15008,8 +18140,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15108,8 +18240,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15178,8 +18310,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15278,8 +18410,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15348,8 +18480,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15448,8 +18580,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15518,8 +18650,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15618,8 +18750,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15688,8 +18820,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15788,8 +18920,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15858,8 +18990,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15959,8 +19091,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16029,8 +19161,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -16139,8 +19271,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16202,8 +19334,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16297,8 +19429,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16360,8 +19492,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -16466,8 +19598,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -16514,8 +19646,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -16606,8 +19738,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16667,8 +19799,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16759,8 +19891,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -16822,8 +19954,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -16914,8 +20046,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16980,8 +20112,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17075,8 +20207,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17141,8 +20273,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -17229,7 +20361,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", + "description": "A null pointer dereference flaw has been discovered in libexpat. The function `XML_ExternalEntityParserCreate` failed to copy the encoding handler data passed to XML_SetUnknownEncodingHandler from the parent to the new subparser. This can cause a NULL dereference from external entities that declare use of an unknown encoding. The expected impact is denial of service. It takes use of both functions `XML_ExternalEntityParserCreate` and `XML_SetUnknownEncodingHandler` for an application to be vulnerable.", "cvss": [ { "type": "Secondary", @@ -17247,8 +20379,8 @@ { "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00246, - "date": "2026-03-09" + "percentile": 0.00244, + "date": "2026-03-16" } ], "cwes": [ @@ -17306,8 +20438,8 @@ { "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00246, - "date": "2026-03-09" + "percentile": 0.00244, + "date": "2026-03-16" } ], "cwes": [ @@ -17380,7 +20512,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -17477,7 +20609,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -17974,107 +21106,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/agent/grype-25.12.1.md b/docs/security/agent/grype-25.12.1.md index 5c147bf..9676f64 100644 --- a/docs/security/agent/grype-25.12.1.md +++ b/docs/security/agent/grype-25.12.1.md @@ -7,6 +7,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| libarchive | 3.5.3-6.el9_6 | [CVE-2026-4111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -15,10 +16,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | fluent-bit | 25.12.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.12.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | gnutls | 3.8.3-9.el9 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | systemd | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | @@ -27,13 +32,24 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | systemd-rpm-macros | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| systemd | 252-55.el9_7.2 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd-libs | 252-55.el9_7.2 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd-pam | 252-55.el9_7.2 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd-rpm-macros | 252-55.el9_7.2 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-32776](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32776) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-32778](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32778) | Medium | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-32777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32777) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -72,7 +88,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | @@ -81,6 +96,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -90,25 +106,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| sqlite-libs | 3.34.1-9.el9_7 | [CVE-2025-70873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-70873) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider | 3.0.7-8.el9 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider-so | 3.0.7-8.el9 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | diff --git a/docs/security/agent/grype-25.12.2.json b/docs/security/agent/grype-25.12.2.json index e7fc31d..fe9b87b 100644 --- a/docs/security/agent/grype-25.12.2.json +++ b/docs/security/agent/grype-25.12.2.json @@ -25,8 +25,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -93,8 +93,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -188,8 +188,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -256,8 +256,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -362,8 +362,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -441,8 +441,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -545,8 +545,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -590,8 +590,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -685,8 +685,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -730,8 +730,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -825,8 +825,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -891,8 +891,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -994,8 +994,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1060,8 +1060,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1163,8 +1163,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1219,8 +1219,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1311,8 +1311,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1384,8 +1384,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1487,8 +1487,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1560,8 +1560,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1663,8 +1663,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1712,8 +1712,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1804,8 +1804,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1853,8 +1853,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1956,8 +1956,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2016,8 +2016,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2108,8 +2108,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2157,8 +2157,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2249,8 +2249,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2315,8 +2315,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2410,8 +2410,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2476,8 +2476,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2582,8 +2582,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2649,8 +2649,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2747,8 +2747,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2822,8 +2822,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2920,8 +2920,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3016,8 +3016,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3120,8 +3120,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3174,8 +3174,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3272,8 +3272,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3320,8 +3320,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3412,8 +3412,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3478,8 +3478,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3573,8 +3573,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3639,8 +3639,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3748,8 +3748,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ @@ -3840,8 +3840,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -3906,8 +3906,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4001,8 +4001,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4067,8 +4067,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4173,8 +4173,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4223,8 +4223,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4315,8 +4315,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4363,8 +4363,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4432,39 +4432,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4472,28 +4472,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4501,25 +4501,25 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4527,21 +4527,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4558,11 +4558,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4572,38 +4583,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -4612,25 +4623,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031049999999999994 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 6.5, "exploitabilityScore": 2.9, @@ -4641,17 +4652,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4659,7 +4670,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4667,21 +4678,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4695,14 +4706,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4712,20 +4734,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4733,77 +4755,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4811,18 +4803,18 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4837,24 +4829,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -4868,29 +4857,29 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -4906,77 +4895,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4984,17 +4943,17 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -5002,7 +4961,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5010,24 +4969,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -5041,48 +4997,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5090,16 +5035,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5123,31 +5068,44 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5155,16 +5113,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5187,7 +5145,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5229,20 +5187,20 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5250,16 +5208,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5283,48 +5241,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5347,7 +5318,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5400,20 +5371,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4111", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5421,18 +5392,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5440,58 +5411,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.028104999999999998 + "risk": 0.028499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/security/cve/CVE-2026-4111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", + "https://github.com/libarchive/libarchive/pull/2877" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5506,21 +5467,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2026-4111", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5534,37 +5495,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5572,75 +5533,81 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.028104999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5649,7 +5616,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5658,19 +5625,22 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -5688,22 +5658,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5713,134 +5672,3420 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" - }, + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, "advisories": [], - "risk": 0.027825000000000003 + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "2c6970bb425bdccc", + "name": "fluent-bit", + "version": "25.12.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:7cb227ba12495ac966088efecba1458a6d3e518d70dfd6f072045a9d8c5d7591", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027590000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "3761cee678a57b02", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "cb11b32d6ce6627c", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.8.3-10.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" + } + ], + "risk": 0.023175 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" + ], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-10.el9_7" + } + } + ], + "artifact": { + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023114999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019090000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" + ], + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "pcre2", + "version": "0:10.40-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019090000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" + ], + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "pcre2", + "version": "10.40-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.018025 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" + } + } + ], + "artifact": { + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.018025 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.12.2" - } + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "2c6970bb425bdccc", - "name": "fluent-bit", - "version": "25.12.2", - "type": "binary", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:7cb227ba12495ac966088efecba1458a6d3e518d70dfd6f072045a9d8c5d7591", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "MIT" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.2", - "upstreams": [] + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5848,47 +9093,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.027804999999999996 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -5903,21 +9162,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5931,13 +9190,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5948,39 +9207,39 @@ }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], - "cwes": [ - { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5988,49 +9247,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6045,21 +9302,21 @@ "version": "9.7" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3761cee678a57b02", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -6073,13 +9330,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6090,31 +9347,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6122,49 +9387,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6172,21 +9456,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cb11b32d6ce6627c", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6200,25 +9484,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6228,81 +9501,139 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024225 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6310,21 +9641,24 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -6338,25 +9672,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6366,100 +9689,92 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6467,7 +9782,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6475,24 +9790,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6506,14 +9818,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6523,100 +9846,100 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6624,7 +9947,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6632,24 +9955,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6663,25 +9983,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6691,100 +10000,100 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5, + "exploitabilityScore": 1.4, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6792,7 +10101,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6800,24 +10109,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-5917", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6831,29 +10137,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6863,103 +10154,99 @@ }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], - "risk": 0.02314 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01239 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -6975,24 +10262,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -7006,93 +10290,81 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.02314 + "advisories": [], + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -7109,16 +10381,16 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -7127,7 +10399,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7136,22 +10408,19 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -7169,22 +10438,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -7194,39 +10452,39 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -7234,60 +10492,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7302,21 +10552,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -7330,59 +10580,71 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -7392,58 +10654,63 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 7.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -7452,7 +10719,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7460,21 +10727,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -7488,19 +10755,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7510,38 +10772,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -7550,46 +10812,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -7605,21 +10868,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "systemd", + "version": "0:252-55.el9_7.7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "61ec5b5e59ecabc9", + "name": "systemd", + "version": "252-55.el9_7.7", "type": "rpm", "locations": [ { @@ -7633,13 +10896,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and MIT and GPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd:252-55.el9_7.7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/systemd@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7650,38 +10913,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -7690,46 +10953,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -7745,21 +11009,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "systemd", + "version": "252-55.el9_7.7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "7f20fd2ed36b259b", + "name": "systemd-libs", + "version": "252-55.el9_7.7", "type": "rpm", "locations": [ { @@ -7773,23 +11037,23 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "systemd", + "version": "252-55.el9_7.7" } ], "metadataType": "RpmMetadata", @@ -7801,39 +11065,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7841,55 +11105,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7897,21 +11161,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "systemd", + "version": "252-55.el9_7.7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "6acd5815fd39e6e0", + "name": "systemd-pam", + "version": "252-55.el9_7.7", "type": "rpm", "locations": [ { @@ -7925,14 +11189,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and MIT and GPLv2+" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-pam:systemd-pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-pam:systemd_pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_pam:systemd-pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_pam:systemd_pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_pam:252-55.el9_7.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-pam@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.7" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7942,103 +11217,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -8054,24 +11313,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "systemd", + "version": "252-55.el9_7.7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2026-4105", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "fad2f8c1542af0f5", + "name": "systemd-rpm-macros", + "version": "252-55.el9_7.7", "type": "rpm", "locations": [ { @@ -8085,23 +11341,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and MIT and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "cpe:2.3:a:systemd-rpm-macros:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm-macros:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm_macros:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm_macros:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-rpm-macros@252-55.el9_7.7?arch=noarch&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "systemd", + "version": "252-55.el9_7.7" } ], "metadataType": "RpmMetadata", @@ -8113,85 +11373,69 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-1757", + "cwe": "CWE-401", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -8199,25 +11443,25 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-1757", + "cwe": "CWE-401", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8225,24 +11469,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2026-1757", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -8259,22 +11500,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8284,100 +11514,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01728 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8393,21 +11623,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8421,13 +11654,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8438,20 +11671,20 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8459,65 +11692,79 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014739999999999998 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8525,7 +11772,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8533,21 +11780,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8561,14 +11811,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8578,100 +11839,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01449 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8679,7 +11940,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8687,21 +11948,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8715,14 +11979,29 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8732,139 +12011,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-70873", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-70873", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.013770000000000001 + "advisories": [], + "risk": 0.009134999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-70873", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054", + "https://sqlite.org/forum/forumpost/761eac3c82", + "https://sqlite.org/src/info/3d459f1fb1bd1b5e" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8872,24 +12107,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-70873", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -8903,14 +12135,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8920,38 +12163,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -8960,34 +12203,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 3.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -8995,17 +12234,17 @@ ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9021,21 +12260,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9049,23 +12288,23 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -9077,38 +12316,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9117,42 +12356,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 6.5, + "exploitabilityScore": 3.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -9160,17 +12387,17 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9178,7 +12405,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9186,21 +12413,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9214,14 +12441,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9231,38 +12469,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9271,42 +12509,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012759999999999999 + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9314,17 +12540,17 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9332,7 +12558,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9340,21 +12566,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2026-3783", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9368,14 +12594,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9385,44 +12622,38 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9431,53 +12662,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0118 + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9485,7 +12711,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9493,21 +12719,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2026-3783", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9521,14 +12747,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9538,45 +12775,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -9584,29 +12815,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.007425 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -9614,35 +12846,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -9657,21 +12883,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -9685,13 +12911,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9702,12 +12928,12 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-32776", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-32776", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", @@ -9723,18 +12949,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-32776", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2026-32776", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { @@ -9742,47 +12968,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01008 + "risk": 0.007279999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-32776", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-32776", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/libexpat/libexpat/pull/1158", + "https://github.com/libexpat/libexpat/pull/1159" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-32776", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2026-32776", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ] } @@ -9797,21 +13023,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", + "vulnerabilityID": "CVE-2026-32776", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -9828,10 +13054,10 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9842,82 +13068,86 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -9925,17 +13155,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9951,24 +13181,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -9982,99 +13212,103 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10082,17 +13316,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10108,24 +13342,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10139,128 +13373,142 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10268,7 +13516,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10276,24 +13524,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], - "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10307,69 +13555,60 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10393,49 +13632,53 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0072250000000000005 + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10444,7 +13687,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10453,12 +13696,12 @@ }, "package": { "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", + "vulnerabilityID": "CVE-2025-11187", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -10467,8 +13710,8 @@ } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", + "id": "9620df42e45abf0c", + "name": "openssl-libs", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -10486,11 +13729,22 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -10500,104 +13754,99 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", + "cve": "CVE-2025-30258", "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0072250000000000005 + "advisories": [], + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", + "cve": "CVE-2025-30258", "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10605,7 +13854,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10613,24 +13862,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-30258", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -10644,150 +13890,137 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.007214999999999999 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10795,24 +14028,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -10826,131 +14056,142 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" }, { - "cve": "CVE-2025-11187", + "cve": "CVE-2022-3219", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.007214999999999999 + "advisories": [], + "risk": 0.006899999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" }, { - "cve": "CVE-2025-11187", + "cve": "CVE-2022-3219", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10958,7 +14199,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10966,24 +14207,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -10997,48 +14235,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11046,18 +14273,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -11065,41 +14292,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11107,18 +14321,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -11133,21 +14347,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -11161,13 +14375,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11178,91 +14392,110 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11278,21 +14511,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -11306,56 +14539,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-32778", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-32778", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in libexpat. This vulnerability allows an attacker to trigger a NULL pointer dereference in the `setContext` function. This occurs when the system attempts to retry an operation after an out-of-memory condition, which can lead to a Denial of Service (DoS) for the affected application.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.1, + "exploitabilityScore": 1.5, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-32778", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-32778", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { @@ -11363,59 +14596,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006565 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-32778", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-32778", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://github.com/libexpat/libexpat/pull/1159", + "https://github.com/libexpat/libexpat/pull/1163" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-32778", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-32778", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11423,21 +14651,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-32778", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -11451,72 +14679,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ], @@ -11525,66 +14736,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ] @@ -11592,7 +14783,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11600,21 +14791,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd197aae1b6fd3b", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -11628,25 +14819,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11656,99 +14836,104 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.006875 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" - ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11764,21 +14949,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11792,111 +14980,129 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11904,21 +15110,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11932,127 +15141,103 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.006695 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" - ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} - } + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0060999999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "namespace": "nvd:cpe", + "severity": "Unknown", + "urls": [ + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -12068,21 +15253,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12096,37 +15281,37 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12134,18 +15319,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -12153,47 +15338,36 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" - ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -12208,21 +15382,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl-fips-provider", + "version": "0:3.0.7-8.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "4f0f0ad93452efa2", + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9", "type": "rpm", "locations": [ { @@ -12236,13 +15410,23 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12253,103 +15437,74 @@ }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12358,7 +15513,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12366,24 +15521,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "039e508ce9d5da38", + "name": "openssl-fips-provider-so", + "version": "3.0.7-8.el9", "type": "rpm", "locations": [ { @@ -12397,120 +15549,110 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", + "upstreams": [ + { + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12533,11 +15675,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], @@ -12586,45 +15725,39 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-32777", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-32777", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted Document Type Definition (DTD) content. This could lead to an infinite loop during parsing, resulting in a Denial of Service (DoS) for the application using libexpat.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2026-32777", "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "percentile": 0.01861, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-32777", + "cwe": "CWE-835", + "source": "cve@mitre.org", "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { @@ -12632,68 +15765,228 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.00585 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-32777", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-32777", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libexpat/libexpat/issues/1161", + "https://github.com/libexpat/libexpat/pull/1159", + "https://github.com/libexpat/libexpat/pull/1162", + "https://issues.oss-fuzz.com/issues/486993411" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "libexpat before 2.7.5 allows an infinite loop while parsing DTD content.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-32777", + "epss": 0.00013, + "percentile": 0.01861, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-32777", + "cwe": "CWE-835", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-32777", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00008, + "percentile": 0.00733, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.00508 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + "https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/errata/RHSA-2026:2064", + "https://access.redhat.com/errata/RHSA-2026:2072", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", + "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2025-13601", + "epss": 0.00008, + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -12709,21 +16002,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -12737,13 +16033,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12754,125 +16050,106 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.68.4-18.el9_7.1" + "0:3.8.3-10.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" } ], - "risk": 0.00508 + "risk": 0.004899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/errata/RHSA-2026:1323", - "https://access.redhat.com/errata/RHSA-2026:1324", - "https://access.redhat.com/errata/RHSA-2026:1326", - "https://access.redhat.com/errata/RHSA-2026:1327", - "https://access.redhat.com/errata/RHSA-2026:1465", - "https://access.redhat.com/errata/RHSA-2026:1608", - "https://access.redhat.com/errata/RHSA-2026:1624", - "https://access.redhat.com/errata/RHSA-2026:1625", - "https://access.redhat.com/errata/RHSA-2026:1626", - "https://access.redhat.com/errata/RHSA-2026:1627", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/errata/RHSA-2026:1736", - "https://access.redhat.com/errata/RHSA-2026:2064", - "https://access.redhat.com/errata/RHSA-2026:2072", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2633", - "https://access.redhat.com/errata/RHSA-2026:2659", - "https://access.redhat.com/errata/RHSA-2026:2671", - "https://access.redhat.com/errata/RHSA-2026:2974", - "https://access.redhat.com/errata/RHSA-2026:3415", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -12889,24 +16166,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:3.8.3-10.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -12920,13 +16197,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12960,8 +16237,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03626, - "date": "2026-03-09" + "percentile": 0.03605, + "date": "2026-03-16" } ], "cwes": [ @@ -13020,8 +16297,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03626, - "date": "2026-03-09" + "percentile": 0.03605, + "date": "2026-03-16" } ], "cwes": [ @@ -13112,8 +16389,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13175,8 +16452,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13270,8 +16547,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13333,8 +16610,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13439,8 +16716,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13502,8 +16779,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13612,8 +16889,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -13672,8 +16949,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -13739,151 +17016,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00385 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -13909,8 +17041,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -13958,8 +17090,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14061,8 +17193,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14110,8 +17242,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14213,8 +17345,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14283,8 +17415,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14383,8 +17515,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14453,8 +17585,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14553,8 +17685,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14623,8 +17755,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14723,8 +17855,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14793,8 +17925,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14893,8 +18025,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14963,8 +18095,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15063,8 +18195,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15133,8 +18265,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15234,8 +18366,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15304,8 +18436,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15414,8 +18546,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15477,8 +18609,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15572,8 +18704,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15635,8 +18767,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15741,8 +18873,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -15789,8 +18921,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -15881,8 +19013,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -15942,8 +19074,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16034,8 +19166,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -16097,8 +19229,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -16189,8 +19321,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16255,8 +19387,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16350,8 +19482,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16416,8 +19548,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16504,7 +19636,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", + "description": "A null pointer dereference flaw has been discovered in libexpat. The function `XML_ExternalEntityParserCreate` failed to copy the encoding handler data passed to XML_SetUnknownEncodingHandler from the parent to the new subparser. This can cause a NULL dereference from external entities that declare use of an unknown encoding. The expected impact is denial of service. It takes use of both functions `XML_ExternalEntityParserCreate` and `XML_SetUnknownEncodingHandler` for an application to be vulnerable.", "cvss": [ { "type": "Secondary", @@ -16522,8 +19654,8 @@ { "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00246, - "date": "2026-03-09" + "percentile": 0.00244, + "date": "2026-03-16" } ], "cwes": [ @@ -16581,8 +19713,8 @@ { "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00246, - "date": "2026-03-09" + "percentile": 0.00244, + "date": "2026-03-16" } ], "cwes": [ @@ -16655,7 +19787,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -16752,7 +19884,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -17249,107 +20381,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/agent/grype-25.12.2.md b/docs/security/agent/grype-25.12.2.md index de3e016..4796cf0 100644 --- a/docs/security/agent/grype-25.12.2.md +++ b/docs/security/agent/grype-25.12.2.md @@ -7,6 +7,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| libarchive | 3.5.3-6.el9_6 | [CVE-2026-4111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -15,21 +16,36 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | fluent-bit | 25.12.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.12.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | gnutls | 3.8.3-9.el9 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| systemd | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd-libs | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd-pam | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd-rpm-macros | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-32776](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32776) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-32778](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32778) | Medium | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-32777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32777) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -68,7 +84,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | @@ -77,6 +92,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -86,25 +102,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| sqlite-libs | 3.34.1-9.el9_7 | [CVE-2025-70873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-70873) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider | 3.0.7-8.el9 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider-so | 3.0.7-8.el9 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | diff --git a/docs/security/agent/grype-25.12.3.json b/docs/security/agent/grype-25.12.3.json index 10dbfe6..07b8938 100644 --- a/docs/security/agent/grype-25.12.3.json +++ b/docs/security/agent/grype-25.12.3.json @@ -25,8 +25,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -93,8 +93,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -188,8 +188,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -256,8 +256,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -362,8 +362,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -441,8 +441,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -545,8 +545,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -590,8 +590,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -685,8 +685,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -730,8 +730,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -825,8 +825,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -891,8 +891,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -994,8 +994,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1060,8 +1060,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1163,8 +1163,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1219,8 +1219,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1311,8 +1311,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1384,8 +1384,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1487,8 +1487,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1560,8 +1560,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1663,8 +1663,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1712,8 +1712,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1804,8 +1804,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1853,8 +1853,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1956,8 +1956,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2016,8 +2016,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2108,8 +2108,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2157,8 +2157,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2249,8 +2249,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2315,8 +2315,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2410,8 +2410,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2476,8 +2476,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2582,8 +2582,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2649,8 +2649,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2747,8 +2747,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2822,8 +2822,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2920,8 +2920,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3016,8 +3016,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3120,8 +3120,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3174,8 +3174,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3272,8 +3272,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3320,8 +3320,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3412,8 +3412,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3478,8 +3478,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3573,8 +3573,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3639,8 +3639,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3748,8 +3748,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ @@ -3840,8 +3840,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -3906,8 +3906,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4001,8 +4001,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4067,8 +4067,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4173,8 +4173,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4223,8 +4223,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4315,8 +4315,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4363,8 +4363,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4432,39 +4432,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4472,28 +4472,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4501,25 +4501,25 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4527,21 +4527,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4558,11 +4558,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4572,38 +4583,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -4612,25 +4623,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031049999999999994 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 6.5, "exploitabilityScore": 2.9, @@ -4641,17 +4652,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4659,7 +4670,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4667,21 +4678,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4695,14 +4706,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4712,20 +4734,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4733,77 +4755,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4811,18 +4803,18 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4837,24 +4829,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -4868,29 +4857,29 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -4906,77 +4895,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4984,17 +4943,17 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -5002,7 +4961,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5010,24 +4969,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -5041,48 +4997,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5090,16 +5035,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5123,31 +5068,44 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5155,16 +5113,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5187,7 +5145,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5229,20 +5187,20 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5250,16 +5208,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5283,48 +5241,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5347,7 +5318,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5400,20 +5371,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4111", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5421,18 +5392,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5440,58 +5411,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.028104999999999998 + "risk": 0.028499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/security/cve/CVE-2026-4111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", + "https://github.com/libarchive/libarchive/pull/2877" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5506,21 +5467,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2026-4111", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5534,37 +5495,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5572,75 +5533,81 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.028104999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5649,7 +5616,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5658,19 +5625,22 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -5688,22 +5658,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5713,134 +5672,3420 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" - }, + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, "advisories": [], - "risk": 0.027825000000000003 + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c4aab225b8ee48d6", + "name": "fluent-bit", + "version": "25.12.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c13d34e55176de111789b88a6d5f53ae9a1fa69e741de5daeafb263ea6b475ca", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027590000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "3761cee678a57b02", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "cb11b32d6ce6627c", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.8.3-10.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" + } + ], + "risk": 0.023175 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" + ], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-10.el9_7" + } + } + ], + "artifact": { + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023114999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019090000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" + ], + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "pcre2", + "version": "0:10.40-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019090000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" + ], + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "pcre2", + "version": "10.40-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.018025 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" + } + } + ], + "artifact": { + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.018025 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.12.3" - } + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "c4aab225b8ee48d6", - "name": "fluent-bit", - "version": "25.12.3", - "type": "binary", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c13d34e55176de111789b88a6d5f53ae9a1fa69e741de5daeafb263ea6b475ca", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "MIT" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.3", - "upstreams": [] + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5848,47 +9093,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.027804999999999996 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -5903,21 +9162,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5931,13 +9190,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5948,39 +9207,39 @@ }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], - "cwes": [ - { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5988,49 +9247,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6045,21 +9302,21 @@ "version": "9.7" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3761cee678a57b02", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -6073,13 +9330,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6090,31 +9347,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6122,49 +9387,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6172,21 +9456,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cb11b32d6ce6627c", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6200,25 +9484,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6228,81 +9501,139 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024225 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6310,21 +9641,24 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -6338,25 +9672,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6366,100 +9689,92 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6467,7 +9782,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6475,24 +9790,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6506,14 +9818,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6523,100 +9846,100 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6624,7 +9947,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6632,24 +9955,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6663,25 +9983,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6691,100 +10000,100 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5, + "exploitabilityScore": 1.4, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6792,7 +10101,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6800,24 +10109,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-5917", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6831,29 +10137,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6863,103 +10154,99 @@ }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], - "risk": 0.02314 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01239 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -6975,24 +10262,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -7006,93 +10290,81 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.02314 + "advisories": [], + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -7109,16 +10381,16 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -7127,7 +10399,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7136,22 +10408,19 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -7169,22 +10438,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -7194,39 +10452,39 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -7234,60 +10492,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7302,21 +10552,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -7330,59 +10580,71 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -7392,58 +10654,63 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 7.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -7452,7 +10719,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7460,21 +10727,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -7488,19 +10755,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7510,38 +10772,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -7550,46 +10812,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -7605,21 +10868,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "systemd", + "version": "0:252-55.el9_7.7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "61ec5b5e59ecabc9", + "name": "systemd", + "version": "252-55.el9_7.7", "type": "rpm", "locations": [ { @@ -7633,13 +10896,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and MIT and GPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd:252-55.el9_7.7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/systemd@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7650,38 +10913,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -7690,46 +10953,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -7745,21 +11009,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "systemd", + "version": "252-55.el9_7.7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "7f20fd2ed36b259b", + "name": "systemd-libs", + "version": "252-55.el9_7.7", "type": "rpm", "locations": [ { @@ -7773,23 +11037,23 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "systemd", + "version": "252-55.el9_7.7" } ], "metadataType": "RpmMetadata", @@ -7801,39 +11065,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7841,55 +11105,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7897,21 +11161,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "systemd", + "version": "252-55.el9_7.7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "6acd5815fd39e6e0", + "name": "systemd-pam", + "version": "252-55.el9_7.7", "type": "rpm", "locations": [ { @@ -7925,14 +11189,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and MIT and GPLv2+" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-pam:systemd-pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-pam:systemd_pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_pam:systemd-pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_pam:systemd_pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_pam:252-55.el9_7.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-pam@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.7" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7942,103 +11217,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -8054,24 +11313,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "systemd", + "version": "252-55.el9_7.7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2026-4105", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "fad2f8c1542af0f5", + "name": "systemd-rpm-macros", + "version": "252-55.el9_7.7", "type": "rpm", "locations": [ { @@ -8085,23 +11341,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and MIT and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "cpe:2.3:a:systemd-rpm-macros:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm-macros:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm_macros:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm_macros:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-rpm-macros@252-55.el9_7.7?arch=noarch&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "systemd", + "version": "252-55.el9_7.7" } ], "metadataType": "RpmMetadata", @@ -8113,85 +11373,69 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-1757", + "cwe": "CWE-401", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -8199,25 +11443,25 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-1757", + "cwe": "CWE-401", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8225,24 +11469,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2026-1757", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -8259,22 +11500,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8284,100 +11514,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01728 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8393,21 +11623,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8421,13 +11654,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8438,20 +11671,20 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8459,65 +11692,79 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014739999999999998 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8525,7 +11772,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8533,21 +11780,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8561,14 +11811,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8578,100 +11839,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01449 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8679,7 +11940,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8687,21 +11948,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8715,14 +11979,29 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8732,139 +12011,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-70873", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-70873", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.013770000000000001 + "advisories": [], + "risk": 0.009134999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-70873", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054", + "https://sqlite.org/forum/forumpost/761eac3c82", + "https://sqlite.org/src/info/3d459f1fb1bd1b5e" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8872,24 +12107,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-70873", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -8903,14 +12135,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8920,38 +12163,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -8960,34 +12203,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 3.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -8995,17 +12234,17 @@ ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9021,21 +12260,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9049,23 +12288,23 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -9077,38 +12316,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9117,42 +12356,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 6.5, + "exploitabilityScore": 3.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -9160,17 +12387,17 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9178,7 +12405,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9186,21 +12413,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9214,14 +12441,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9231,38 +12469,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9271,42 +12509,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012759999999999999 + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9314,17 +12540,17 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9332,7 +12558,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9340,21 +12566,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2026-3783", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9368,14 +12594,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9385,44 +12622,38 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9431,53 +12662,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0118 + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9485,7 +12711,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9493,21 +12719,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2026-3783", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9521,14 +12747,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9538,45 +12775,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -9584,29 +12815,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.007425 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -9614,35 +12846,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -9657,21 +12883,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -9685,13 +12911,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9702,12 +12928,12 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-32776", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-32776", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", @@ -9723,18 +12949,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-32776", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2026-32776", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { @@ -9742,47 +12968,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01008 + "risk": 0.007279999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-32776", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-32776", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/libexpat/libexpat/pull/1158", + "https://github.com/libexpat/libexpat/pull/1159" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-32776", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2026-32776", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ] } @@ -9797,21 +13023,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", + "vulnerabilityID": "CVE-2026-32776", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -9828,10 +13054,10 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9842,82 +13068,86 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -9925,17 +13155,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9951,24 +13181,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -9982,99 +13212,103 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10082,17 +13316,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10108,24 +13342,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10139,128 +13373,142 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10268,7 +13516,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10276,24 +13524,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], - "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10307,69 +13555,60 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10393,49 +13632,53 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0072250000000000005 + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10444,7 +13687,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10453,12 +13696,12 @@ }, "package": { "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", + "vulnerabilityID": "CVE-2025-11187", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -10467,8 +13710,8 @@ } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", + "id": "9620df42e45abf0c", + "name": "openssl-libs", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -10486,11 +13729,22 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -10500,104 +13754,99 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", + "cve": "CVE-2025-30258", "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0072250000000000005 + "advisories": [], + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", + "cve": "CVE-2025-30258", "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10605,7 +13854,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10613,24 +13862,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-30258", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -10644,150 +13890,137 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.007214999999999999 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10795,24 +14028,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -10826,131 +14056,142 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" }, { - "cve": "CVE-2025-11187", + "cve": "CVE-2022-3219", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.007214999999999999 + "advisories": [], + "risk": 0.006899999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" }, { - "cve": "CVE-2025-11187", + "cve": "CVE-2022-3219", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10958,7 +14199,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10966,24 +14207,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -10997,48 +14235,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11046,18 +14273,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -11065,41 +14292,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11107,18 +14321,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -11133,21 +14347,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -11161,13 +14375,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11178,91 +14392,110 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11278,21 +14511,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -11306,56 +14539,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-32778", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-32778", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in libexpat. This vulnerability allows an attacker to trigger a NULL pointer dereference in the `setContext` function. This occurs when the system attempts to retry an operation after an out-of-memory condition, which can lead to a Denial of Service (DoS) for the affected application.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.1, + "exploitabilityScore": 1.5, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-32778", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-32778", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { @@ -11363,59 +14596,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006565 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-32778", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-32778", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://github.com/libexpat/libexpat/pull/1159", + "https://github.com/libexpat/libexpat/pull/1163" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-32778", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-32778", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11423,21 +14651,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-32778", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -11451,72 +14679,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ], @@ -11525,66 +14736,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ] @@ -11592,7 +14783,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11600,21 +14791,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd197aae1b6fd3b", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -11628,25 +14819,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11656,99 +14836,104 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.006875 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" - ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11764,21 +14949,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11792,111 +14980,129 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11904,21 +15110,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11932,127 +15141,103 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.006695 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" - ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} - } + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0060999999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "namespace": "nvd:cpe", + "severity": "Unknown", + "urls": [ + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -12068,21 +15253,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12096,37 +15281,37 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12134,18 +15319,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -12153,47 +15338,36 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" - ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -12208,21 +15382,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl-fips-provider", + "version": "0:3.0.7-8.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "4f0f0ad93452efa2", + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9", "type": "rpm", "locations": [ { @@ -12236,13 +15410,23 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12253,103 +15437,74 @@ }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12358,7 +15513,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12366,24 +15521,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "039e508ce9d5da38", + "name": "openssl-fips-provider-so", + "version": "3.0.7-8.el9", "type": "rpm", "locations": [ { @@ -12397,120 +15549,110 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", + "upstreams": [ + { + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12533,11 +15675,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], @@ -12586,45 +15725,39 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-32777", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-32777", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted Document Type Definition (DTD) content. This could lead to an infinite loop during parsing, resulting in a Denial of Service (DoS) for the application using libexpat.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2026-32777", "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "percentile": 0.01861, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-32777", + "cwe": "CWE-835", + "source": "cve@mitre.org", "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { @@ -12632,68 +15765,228 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.00585 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-32777", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-32777", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libexpat/libexpat/issues/1161", + "https://github.com/libexpat/libexpat/pull/1159", + "https://github.com/libexpat/libexpat/pull/1162", + "https://issues.oss-fuzz.com/issues/486993411" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "libexpat before 2.7.5 allows an infinite loop while parsing DTD content.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-32777", + "epss": 0.00013, + "percentile": 0.01861, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-32777", + "cwe": "CWE-835", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-32777", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00008, + "percentile": 0.00733, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.00508 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + "https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/errata/RHSA-2026:2064", + "https://access.redhat.com/errata/RHSA-2026:2072", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", + "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2025-13601", + "epss": 0.00008, + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -12709,21 +16002,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -12737,13 +16033,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12754,125 +16050,106 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.68.4-18.el9_7.1" + "0:3.8.3-10.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" } ], - "risk": 0.00508 + "risk": 0.004899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/errata/RHSA-2026:1323", - "https://access.redhat.com/errata/RHSA-2026:1324", - "https://access.redhat.com/errata/RHSA-2026:1326", - "https://access.redhat.com/errata/RHSA-2026:1327", - "https://access.redhat.com/errata/RHSA-2026:1465", - "https://access.redhat.com/errata/RHSA-2026:1608", - "https://access.redhat.com/errata/RHSA-2026:1624", - "https://access.redhat.com/errata/RHSA-2026:1625", - "https://access.redhat.com/errata/RHSA-2026:1626", - "https://access.redhat.com/errata/RHSA-2026:1627", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/errata/RHSA-2026:1736", - "https://access.redhat.com/errata/RHSA-2026:2064", - "https://access.redhat.com/errata/RHSA-2026:2072", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2633", - "https://access.redhat.com/errata/RHSA-2026:2659", - "https://access.redhat.com/errata/RHSA-2026:2671", - "https://access.redhat.com/errata/RHSA-2026:2974", - "https://access.redhat.com/errata/RHSA-2026:3415", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -12889,24 +16166,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:3.8.3-10.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -12920,13 +16197,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12960,8 +16237,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03626, - "date": "2026-03-09" + "percentile": 0.03605, + "date": "2026-03-16" } ], "cwes": [ @@ -13020,8 +16297,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03626, - "date": "2026-03-09" + "percentile": 0.03605, + "date": "2026-03-16" } ], "cwes": [ @@ -13112,8 +16389,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13175,8 +16452,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13270,8 +16547,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13333,8 +16610,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13439,8 +16716,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13502,8 +16779,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13612,8 +16889,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -13672,8 +16949,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -13739,151 +17016,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00385 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -13909,8 +17041,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -13958,8 +17090,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14061,8 +17193,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14110,8 +17242,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14213,8 +17345,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14283,8 +17415,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14383,8 +17515,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14453,8 +17585,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14553,8 +17685,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14623,8 +17755,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14723,8 +17855,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14793,8 +17925,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14893,8 +18025,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14963,8 +18095,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15063,8 +18195,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15133,8 +18265,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15234,8 +18366,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15304,8 +18436,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15414,8 +18546,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15477,8 +18609,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15572,8 +18704,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15635,8 +18767,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15741,8 +18873,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -15789,8 +18921,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -15881,8 +19013,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -15942,8 +19074,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16034,8 +19166,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -16097,8 +19229,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -16189,8 +19321,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16255,8 +19387,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16350,8 +19482,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16416,8 +19548,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16504,7 +19636,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", + "description": "A null pointer dereference flaw has been discovered in libexpat. The function `XML_ExternalEntityParserCreate` failed to copy the encoding handler data passed to XML_SetUnknownEncodingHandler from the parent to the new subparser. This can cause a NULL dereference from external entities that declare use of an unknown encoding. The expected impact is denial of service. It takes use of both functions `XML_ExternalEntityParserCreate` and `XML_SetUnknownEncodingHandler` for an application to be vulnerable.", "cvss": [ { "type": "Secondary", @@ -16522,8 +19654,8 @@ { "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00246, - "date": "2026-03-09" + "percentile": 0.00244, + "date": "2026-03-16" } ], "cwes": [ @@ -16581,8 +19713,8 @@ { "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00246, - "date": "2026-03-09" + "percentile": 0.00244, + "date": "2026-03-16" } ], "cwes": [ @@ -16655,7 +19787,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -16752,7 +19884,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -17249,107 +20381,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/agent/grype-25.12.3.md b/docs/security/agent/grype-25.12.3.md index 8bc2764..395bb27 100644 --- a/docs/security/agent/grype-25.12.3.md +++ b/docs/security/agent/grype-25.12.3.md @@ -7,6 +7,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| libarchive | 3.5.3-6.el9_6 | [CVE-2026-4111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -15,21 +16,36 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | fluent-bit | 25.12.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.12.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | gnutls | 3.8.3-9.el9 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| systemd | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd-libs | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd-pam | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd-rpm-macros | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-32776](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32776) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-32778](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32778) | Medium | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-32777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32777) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -68,7 +84,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | @@ -77,6 +92,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -86,25 +102,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| sqlite-libs | 3.34.1-9.el9_7 | [CVE-2025-70873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-70873) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider | 3.0.7-8.el9 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider-so | 3.0.7-8.el9 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | diff --git a/docs/security/agent/grype-25.12.4.json b/docs/security/agent/grype-25.12.4.json index c34b05a..b130779 100644 --- a/docs/security/agent/grype-25.12.4.json +++ b/docs/security/agent/grype-25.12.4.json @@ -25,8 +25,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -93,8 +93,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -188,8 +188,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -256,8 +256,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -362,8 +362,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -441,8 +441,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -545,8 +545,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -590,8 +590,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -685,8 +685,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -730,8 +730,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -825,8 +825,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -891,8 +891,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -994,8 +994,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1060,8 +1060,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1163,8 +1163,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1219,8 +1219,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1311,8 +1311,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1384,8 +1384,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1487,8 +1487,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1560,8 +1560,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1663,8 +1663,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1712,8 +1712,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1804,8 +1804,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1853,8 +1853,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1956,8 +1956,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2016,8 +2016,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2108,8 +2108,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2157,8 +2157,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2249,8 +2249,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2315,8 +2315,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2410,8 +2410,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2476,8 +2476,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2582,8 +2582,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2649,8 +2649,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2747,8 +2747,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2822,8 +2822,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2920,8 +2920,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3016,8 +3016,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3120,8 +3120,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3174,8 +3174,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3272,8 +3272,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3320,8 +3320,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3412,8 +3412,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3478,8 +3478,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3573,8 +3573,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3639,8 +3639,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3748,8 +3748,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ @@ -3840,8 +3840,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -3906,8 +3906,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4001,8 +4001,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4067,8 +4067,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4173,8 +4173,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4223,8 +4223,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4315,8 +4315,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4363,8 +4363,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4432,39 +4432,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4472,28 +4472,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4501,25 +4501,25 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4527,21 +4527,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4558,11 +4558,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4572,38 +4583,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -4612,25 +4623,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031049999999999994 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 6.5, "exploitabilityScore": 2.9, @@ -4641,17 +4652,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4659,7 +4670,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4667,21 +4678,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4695,14 +4706,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4712,20 +4734,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4733,77 +4755,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4811,18 +4803,18 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4837,24 +4829,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -4868,29 +4857,29 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -4906,77 +4895,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4984,17 +4943,17 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -5002,7 +4961,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5010,24 +4969,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -5041,48 +4997,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5090,16 +5035,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5123,31 +5068,44 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5155,16 +5113,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5187,7 +5145,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5229,20 +5187,20 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5250,16 +5208,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5283,48 +5241,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5347,7 +5318,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5400,20 +5371,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4111", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5421,18 +5392,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5440,58 +5411,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.028104999999999998 + "risk": 0.028499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/security/cve/CVE-2026-4111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", + "https://github.com/libarchive/libarchive/pull/2877" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5506,21 +5467,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2026-4111", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5534,37 +5495,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5572,75 +5533,81 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.028104999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5649,7 +5616,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5658,19 +5625,22 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -5688,22 +5658,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5713,134 +5672,3420 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" - }, + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, "advisories": [], - "risk": 0.027825000000000003 + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.4" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "a747661bde11c949", + "name": "fluent-bit", + "version": "25.12.4", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:690576c7270cb3dc560e835cdc037661eb3393ee45592c191e9a7dcdd8785a9d", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.4", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027590000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "3761cee678a57b02", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "cb11b32d6ce6627c", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.8.3-10.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" + } + ], + "risk": 0.023175 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" + ], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-10.el9_7" + } + } + ], + "artifact": { + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023114999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019090000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" + ], + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "pcre2", + "version": "0:10.40-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019090000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" + ], + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "pcre2", + "version": "10.40-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.018025 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" + } + } + ], + "artifact": { + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.018025 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.12.4" - } + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "a747661bde11c949", - "name": "fluent-bit", - "version": "25.12.4", - "type": "binary", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:690576c7270cb3dc560e835cdc037661eb3393ee45592c191e9a7dcdd8785a9d", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "MIT" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.4", - "upstreams": [] + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5848,47 +9093,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.027804999999999996 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -5903,21 +9162,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5931,13 +9190,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5948,39 +9207,39 @@ }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], - "cwes": [ - { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5988,49 +9247,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6045,21 +9302,21 @@ "version": "9.7" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3761cee678a57b02", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -6073,13 +9330,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6090,31 +9347,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6122,49 +9387,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6172,21 +9456,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cb11b32d6ce6627c", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6200,25 +9484,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6228,81 +9501,139 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024225 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6310,21 +9641,24 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -6338,25 +9672,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6366,100 +9689,92 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6467,7 +9782,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6475,24 +9790,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6506,14 +9818,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6523,100 +9846,100 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6624,7 +9947,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6632,24 +9955,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6663,25 +9983,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6691,100 +10000,100 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5, + "exploitabilityScore": 1.4, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6792,7 +10101,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6800,24 +10109,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-5917", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6831,29 +10137,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6863,103 +10154,99 @@ }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], - "risk": 0.02314 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01239 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -6975,24 +10262,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -7006,93 +10290,81 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.02314 + "advisories": [], + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -7109,16 +10381,16 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -7127,7 +10399,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7136,22 +10408,19 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -7169,22 +10438,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -7194,39 +10452,39 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -7234,60 +10492,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7302,21 +10552,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -7330,59 +10580,71 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -7392,58 +10654,63 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 7.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -7452,7 +10719,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7460,21 +10727,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -7488,19 +10755,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7510,38 +10772,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -7550,46 +10812,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -7605,21 +10868,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "systemd", + "version": "0:252-55.el9_7.7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "61ec5b5e59ecabc9", + "name": "systemd", + "version": "252-55.el9_7.7", "type": "rpm", "locations": [ { @@ -7633,13 +10896,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and MIT and GPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd:252-55.el9_7.7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/systemd@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7650,38 +10913,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -7690,46 +10953,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -7745,21 +11009,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "systemd", + "version": "252-55.el9_7.7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "7f20fd2ed36b259b", + "name": "systemd-libs", + "version": "252-55.el9_7.7", "type": "rpm", "locations": [ { @@ -7773,23 +11037,23 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "systemd", + "version": "252-55.el9_7.7" } ], "metadataType": "RpmMetadata", @@ -7801,39 +11065,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7841,55 +11105,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7897,21 +11161,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "systemd", + "version": "252-55.el9_7.7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "6acd5815fd39e6e0", + "name": "systemd-pam", + "version": "252-55.el9_7.7", "type": "rpm", "locations": [ { @@ -7925,14 +11189,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and MIT and GPLv2+" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-pam:systemd-pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-pam:systemd_pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_pam:systemd-pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_pam:systemd_pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_pam:252-55.el9_7.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-pam@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.7" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7942,103 +11217,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -8054,24 +11313,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "systemd", + "version": "252-55.el9_7.7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2026-4105", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "fad2f8c1542af0f5", + "name": "systemd-rpm-macros", + "version": "252-55.el9_7.7", "type": "rpm", "locations": [ { @@ -8085,23 +11341,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and MIT and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "cpe:2.3:a:systemd-rpm-macros:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm-macros:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm_macros:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm_macros:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-rpm-macros@252-55.el9_7.7?arch=noarch&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "systemd", + "version": "252-55.el9_7.7" } ], "metadataType": "RpmMetadata", @@ -8113,85 +11373,69 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-1757", + "cwe": "CWE-401", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -8199,25 +11443,25 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-1757", + "cwe": "CWE-401", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8225,24 +11469,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2026-1757", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -8259,22 +11500,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8284,100 +11514,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01728 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8393,21 +11623,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8421,13 +11654,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8438,20 +11671,20 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8459,65 +11692,79 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014739999999999998 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8525,7 +11772,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8533,21 +11780,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8561,14 +11811,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8578,100 +11839,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01449 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8679,7 +11940,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8687,21 +11948,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8715,14 +11979,29 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8732,139 +12011,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-70873", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-70873", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.013770000000000001 + "advisories": [], + "risk": 0.009134999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-70873", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054", + "https://sqlite.org/forum/forumpost/761eac3c82", + "https://sqlite.org/src/info/3d459f1fb1bd1b5e" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8872,24 +12107,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-70873", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -8903,14 +12135,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8920,38 +12163,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -8960,34 +12203,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 3.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -8995,17 +12234,17 @@ ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9021,21 +12260,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9049,23 +12288,23 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -9077,38 +12316,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9117,42 +12356,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 6.5, + "exploitabilityScore": 3.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -9160,17 +12387,17 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9178,7 +12405,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9186,21 +12413,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9214,14 +12441,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9231,38 +12469,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9271,42 +12509,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012759999999999999 + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9314,17 +12540,17 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9332,7 +12558,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9340,21 +12566,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2026-3783", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9368,14 +12594,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9385,44 +12622,38 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9431,53 +12662,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0118 + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9485,7 +12711,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9493,21 +12719,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2026-3783", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9521,14 +12747,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9538,45 +12775,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -9584,29 +12815,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.007425 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -9614,35 +12846,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -9657,21 +12883,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -9685,13 +12911,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9702,12 +12928,12 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-32776", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-32776", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", @@ -9723,18 +12949,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-32776", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2026-32776", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { @@ -9742,47 +12968,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01008 + "risk": 0.007279999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-32776", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-32776", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/libexpat/libexpat/pull/1158", + "https://github.com/libexpat/libexpat/pull/1159" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-32776", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2026-32776", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ] } @@ -9797,21 +13023,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", + "vulnerabilityID": "CVE-2026-32776", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -9828,10 +13054,10 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9842,82 +13068,86 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -9925,17 +13155,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9951,24 +13181,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -9982,99 +13212,103 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10082,17 +13316,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10108,24 +13342,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10139,128 +13373,142 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10268,7 +13516,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10276,24 +13524,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], - "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10307,69 +13555,60 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10393,49 +13632,53 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0072250000000000005 + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10444,7 +13687,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10453,12 +13696,12 @@ }, "package": { "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", + "vulnerabilityID": "CVE-2025-11187", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -10467,8 +13710,8 @@ } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", + "id": "9620df42e45abf0c", + "name": "openssl-libs", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -10486,11 +13729,22 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -10500,104 +13754,99 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", + "cve": "CVE-2025-30258", "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0072250000000000005 + "advisories": [], + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", + "cve": "CVE-2025-30258", "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10605,7 +13854,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10613,24 +13862,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-30258", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -10644,150 +13890,137 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.007214999999999999 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10795,24 +14028,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -10826,131 +14056,142 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" }, { - "cve": "CVE-2025-11187", + "cve": "CVE-2022-3219", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.007214999999999999 + "advisories": [], + "risk": 0.006899999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" }, { - "cve": "CVE-2025-11187", + "cve": "CVE-2022-3219", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10958,7 +14199,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10966,24 +14207,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -10997,48 +14235,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11046,18 +14273,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -11065,41 +14292,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11107,18 +14321,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -11133,21 +14347,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -11161,13 +14375,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11178,91 +14392,110 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11278,21 +14511,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -11306,56 +14539,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-32778", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-32778", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in libexpat. This vulnerability allows an attacker to trigger a NULL pointer dereference in the `setContext` function. This occurs when the system attempts to retry an operation after an out-of-memory condition, which can lead to a Denial of Service (DoS) for the affected application.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.1, + "exploitabilityScore": 1.5, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-32778", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-32778", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { @@ -11363,59 +14596,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006565 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-32778", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-32778", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://github.com/libexpat/libexpat/pull/1159", + "https://github.com/libexpat/libexpat/pull/1163" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-32778", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-32778", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11423,21 +14651,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-32778", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -11451,72 +14679,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ], @@ -11525,66 +14736,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ] @@ -11592,7 +14783,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11600,21 +14791,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd197aae1b6fd3b", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -11628,25 +14819,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11656,99 +14836,104 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.006875 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" - ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11764,21 +14949,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11792,111 +14980,129 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11904,21 +15110,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11932,127 +15141,103 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.006695 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" - ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} - } + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0060999999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "namespace": "nvd:cpe", + "severity": "Unknown", + "urls": [ + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -12068,21 +15253,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12096,37 +15281,37 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12134,18 +15319,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -12153,47 +15338,36 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" - ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -12208,21 +15382,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl-fips-provider", + "version": "0:3.0.7-8.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "4f0f0ad93452efa2", + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9", "type": "rpm", "locations": [ { @@ -12236,13 +15410,23 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12253,103 +15437,74 @@ }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12358,7 +15513,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12366,24 +15521,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "039e508ce9d5da38", + "name": "openssl-fips-provider-so", + "version": "3.0.7-8.el9", "type": "rpm", "locations": [ { @@ -12397,120 +15549,110 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", + "upstreams": [ + { + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12533,11 +15675,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], @@ -12586,45 +15725,39 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-32777", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-32777", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted Document Type Definition (DTD) content. This could lead to an infinite loop during parsing, resulting in a Denial of Service (DoS) for the application using libexpat.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2026-32777", "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "percentile": 0.01861, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-32777", + "cwe": "CWE-835", + "source": "cve@mitre.org", "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { @@ -12632,68 +15765,228 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.00585 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-32777", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-32777", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libexpat/libexpat/issues/1161", + "https://github.com/libexpat/libexpat/pull/1159", + "https://github.com/libexpat/libexpat/pull/1162", + "https://issues.oss-fuzz.com/issues/486993411" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "libexpat before 2.7.5 allows an infinite loop while parsing DTD content.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-32777", + "epss": 0.00013, + "percentile": 0.01861, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-32777", + "cwe": "CWE-835", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-32777", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00008, + "percentile": 0.00733, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.00508 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + "https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/errata/RHSA-2026:2064", + "https://access.redhat.com/errata/RHSA-2026:2072", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", + "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2025-13601", + "epss": 0.00008, + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -12709,21 +16002,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -12737,13 +16033,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12754,125 +16050,106 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.68.4-18.el9_7.1" + "0:3.8.3-10.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" } ], - "risk": 0.00508 + "risk": 0.004899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/errata/RHSA-2026:1323", - "https://access.redhat.com/errata/RHSA-2026:1324", - "https://access.redhat.com/errata/RHSA-2026:1326", - "https://access.redhat.com/errata/RHSA-2026:1327", - "https://access.redhat.com/errata/RHSA-2026:1465", - "https://access.redhat.com/errata/RHSA-2026:1608", - "https://access.redhat.com/errata/RHSA-2026:1624", - "https://access.redhat.com/errata/RHSA-2026:1625", - "https://access.redhat.com/errata/RHSA-2026:1626", - "https://access.redhat.com/errata/RHSA-2026:1627", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/errata/RHSA-2026:1736", - "https://access.redhat.com/errata/RHSA-2026:2064", - "https://access.redhat.com/errata/RHSA-2026:2072", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2633", - "https://access.redhat.com/errata/RHSA-2026:2659", - "https://access.redhat.com/errata/RHSA-2026:2671", - "https://access.redhat.com/errata/RHSA-2026:2974", - "https://access.redhat.com/errata/RHSA-2026:3415", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -12889,24 +16166,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:3.8.3-10.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -12920,13 +16197,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12960,8 +16237,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03626, - "date": "2026-03-09" + "percentile": 0.03605, + "date": "2026-03-16" } ], "cwes": [ @@ -13020,8 +16297,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03626, - "date": "2026-03-09" + "percentile": 0.03605, + "date": "2026-03-16" } ], "cwes": [ @@ -13112,8 +16389,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13175,8 +16452,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13270,8 +16547,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13333,8 +16610,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13439,8 +16716,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13502,8 +16779,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13612,8 +16889,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -13672,8 +16949,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -13739,151 +17016,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00385 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -13909,8 +17041,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -13958,8 +17090,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14061,8 +17193,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14110,8 +17242,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14213,8 +17345,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14283,8 +17415,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14383,8 +17515,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14453,8 +17585,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14553,8 +17685,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14623,8 +17755,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14723,8 +17855,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14793,8 +17925,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14893,8 +18025,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14963,8 +18095,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15063,8 +18195,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15133,8 +18265,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15234,8 +18366,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15304,8 +18436,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15414,8 +18546,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15477,8 +18609,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15572,8 +18704,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15635,8 +18767,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15741,8 +18873,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -15789,8 +18921,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -15881,8 +19013,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -15942,8 +19074,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16034,8 +19166,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -16097,8 +19229,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -16189,8 +19321,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16255,8 +19387,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16350,8 +19482,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16416,8 +19548,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16504,7 +19636,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", + "description": "A null pointer dereference flaw has been discovered in libexpat. The function `XML_ExternalEntityParserCreate` failed to copy the encoding handler data passed to XML_SetUnknownEncodingHandler from the parent to the new subparser. This can cause a NULL dereference from external entities that declare use of an unknown encoding. The expected impact is denial of service. It takes use of both functions `XML_ExternalEntityParserCreate` and `XML_SetUnknownEncodingHandler` for an application to be vulnerable.", "cvss": [ { "type": "Secondary", @@ -16522,8 +19654,8 @@ { "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00246, - "date": "2026-03-09" + "percentile": 0.00244, + "date": "2026-03-16" } ], "cwes": [ @@ -16581,8 +19713,8 @@ { "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00246, - "date": "2026-03-09" + "percentile": 0.00244, + "date": "2026-03-16" } ], "cwes": [ @@ -16655,7 +19787,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -16752,7 +19884,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -17249,107 +20381,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/agent/grype-25.12.4.md b/docs/security/agent/grype-25.12.4.md index f426cb0..f2119f0 100644 --- a/docs/security/agent/grype-25.12.4.md +++ b/docs/security/agent/grype-25.12.4.md @@ -7,6 +7,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| libarchive | 3.5.3-6.el9_6 | [CVE-2026-4111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -15,21 +16,36 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | fluent-bit | 25.12.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.12.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | gnutls | 3.8.3-9.el9 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| systemd | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd-libs | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd-pam | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd-rpm-macros | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-32776](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32776) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-32778](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32778) | Medium | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-32777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32777) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -68,7 +84,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | @@ -77,6 +92,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -86,25 +102,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| sqlite-libs | 3.34.1-9.el9_7 | [CVE-2025-70873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-70873) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider | 3.0.7-8.el9 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider-so | 3.0.7-8.el9 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | diff --git a/docs/security/agent/grype-26.1.1.json b/docs/security/agent/grype-26.1.1.json index c5ce782..325c6f5 100644 --- a/docs/security/agent/grype-26.1.1.json +++ b/docs/security/agent/grype-26.1.1.json @@ -25,8 +25,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -93,8 +93,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -188,8 +188,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -256,8 +256,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -362,8 +362,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -441,8 +441,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -545,8 +545,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -590,8 +590,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -685,8 +685,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -730,8 +730,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -825,8 +825,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -891,8 +891,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -994,8 +994,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1060,8 +1060,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -1163,8 +1163,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1219,8 +1219,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -1311,8 +1311,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1384,8 +1384,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1487,8 +1487,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1560,8 +1560,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1663,8 +1663,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1712,8 +1712,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1804,8 +1804,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1853,8 +1853,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1956,8 +1956,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2016,8 +2016,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -2108,8 +2108,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2157,8 +2157,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -2249,8 +2249,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2315,8 +2315,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2410,8 +2410,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2476,8 +2476,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -2582,8 +2582,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2649,8 +2649,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2747,8 +2747,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2822,8 +2822,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2920,8 +2920,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3016,8 +3016,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -3120,8 +3120,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3174,8 +3174,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -3272,8 +3272,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3320,8 +3320,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -3412,8 +3412,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3478,8 +3478,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3573,8 +3573,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3639,8 +3639,8 @@ { "cve": "CVE-2025-69419", "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ @@ -3748,8 +3748,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ @@ -3840,8 +3840,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -3906,8 +3906,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4001,8 +4001,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4067,8 +4067,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -4173,8 +4173,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4223,8 +4223,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -4315,8 +4315,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4363,8 +4363,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -4432,39 +4432,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4472,28 +4472,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4501,25 +4501,25 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4527,21 +4527,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4558,11 +4558,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4572,38 +4583,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -4612,25 +4623,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031049999999999994 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 6.5, "exploitabilityScore": 2.9, @@ -4641,17 +4652,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4659,7 +4670,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4667,21 +4678,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -4695,14 +4706,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4712,20 +4734,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4733,77 +4755,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4811,18 +4803,18 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4837,24 +4829,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -4868,29 +4857,29 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -4906,77 +4895,47 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.030875 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4984,17 +4943,17 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -5002,7 +4961,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5010,24 +4969,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -5041,48 +4997,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5090,16 +5035,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5123,31 +5068,44 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5155,16 +5113,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5187,7 +5145,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5229,20 +5187,20 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5250,16 +5208,16 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5283,48 +5241,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028480000000000005 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2025-66199", - "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5347,7 +5318,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5400,20 +5371,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4111", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5421,18 +5392,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5440,58 +5411,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.028104999999999998 + "risk": 0.028499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2026-4111", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/security/cve/CVE-2026-4111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", + "https://github.com/libarchive/libarchive/pull/2877" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-4111", + "cwe": "CWE-835", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5506,21 +5467,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2026-4111", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5534,37 +5495,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5572,75 +5533,81 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.028104999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5649,7 +5616,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5658,19 +5625,22 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -5688,22 +5658,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5713,134 +5672,3420 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" - }, + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19722, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, "advisories": [], - "risk": 0.027825000000000003 + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" + ], + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "26.1.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "6f4d3a571294a37a", + "name": "fluent-bit", + "version": "26.1.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:49601c7b67860456eada527b6860659186c76ebd44bc07d4be0e5d0f389b29a6", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@26.1.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027590000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "3761cee678a57b02", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "cb11b32d6ce6627c", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.8.3-10.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" + } + ], + "risk": 0.023175 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" + ], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-10.el9_7" + } + } + ], + "artifact": { + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023164999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" + ], + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3805", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.023114999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019090000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" + ], + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "pcre2", + "version": "0:10.40-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019090000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" + ], + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "pcre2", + "version": "10.40-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.018025 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" + } + } + ], + "artifact": { + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.018025 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00035, + "percentile": 0.09822, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "26.1.1" - } + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "6f4d3a571294a37a", - "name": "fluent-bit", - "version": "26.1.1", - "type": "binary", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:49601c7b67860456eada527b6860659186c76ebd44bc07d4be0e5d0f389b29a6", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "MIT" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@26.1.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5848,47 +9093,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.027804999999999996 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -5903,21 +9162,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5931,13 +9190,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5948,39 +9207,39 @@ }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], - "cwes": [ - { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5988,49 +9247,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6045,21 +9302,21 @@ "version": "9.7" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3761cee678a57b02", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -6073,13 +9330,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6090,31 +9347,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6122,49 +9387,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6172,21 +9456,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cb11b32d6ce6627c", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6200,25 +9484,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6228,81 +9501,139 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024225 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04287, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6310,21 +9641,24 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -6338,25 +9672,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6366,100 +9689,92 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6467,7 +9782,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6475,24 +9790,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6506,14 +9818,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6523,100 +9846,100 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6624,7 +9947,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6632,24 +9955,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6663,25 +9983,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6691,100 +10000,100 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 + "advisories": [], + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5, + "exploitabilityScore": 1.4, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6792,7 +10101,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6800,24 +10109,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "vulnerabilityID": "CVE-2025-5917", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6831,29 +10137,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6863,103 +10154,99 @@ }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], - "risk": 0.02314 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01239 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -6975,24 +10262,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -7006,93 +10290,81 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.02314 + "advisories": [], + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -7109,16 +10381,16 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -7127,7 +10399,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7136,22 +10408,19 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -7169,22 +10438,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -7194,39 +10452,39 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -7234,60 +10492,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7302,21 +10552,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -7330,59 +10580,71 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -7392,58 +10654,63 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 7.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -7452,7 +10719,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7460,21 +10727,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -7488,19 +10755,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7510,38 +10772,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -7550,46 +10812,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -7605,21 +10868,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "systemd", + "version": "0:252-55.el9_7.7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "61ec5b5e59ecabc9", + "name": "systemd", + "version": "252-55.el9_7.7", "type": "rpm", "locations": [ { @@ -7633,13 +10896,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and MIT and GPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd:252-55.el9_7.7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/systemd@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7650,38 +10913,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -7690,46 +10953,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -7745,21 +11009,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "systemd", + "version": "252-55.el9_7.7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "7f20fd2ed36b259b", + "name": "systemd-libs", + "version": "252-55.el9_7.7", "type": "rpm", "locations": [ { @@ -7773,23 +11037,23 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "systemd", + "version": "252-55.el9_7.7" } ], "metadataType": "RpmMetadata", @@ -7801,39 +11065,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7841,55 +11105,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7897,21 +11161,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "systemd", + "version": "252-55.el9_7.7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "6acd5815fd39e6e0", + "name": "systemd-pam", + "version": "252-55.el9_7.7", "type": "rpm", "locations": [ { @@ -7925,14 +11189,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and MIT and GPLv2+" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-pam:systemd-pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-pam:systemd_pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_pam:systemd-pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_pam:systemd_pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_pam:252-55.el9_7.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-pam@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.7" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7942,103 +11217,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -8054,24 +11313,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "systemd", + "version": "252-55.el9_7.7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2026-4105", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "fad2f8c1542af0f5", + "name": "systemd-rpm-macros", + "version": "252-55.el9_7.7", "type": "rpm", "locations": [ { @@ -8085,23 +11341,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and MIT and GPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "cpe:2.3:a:systemd-rpm-macros:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm-macros:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm_macros:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm_macros:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-rpm-macros@252-55.el9_7.7?arch=noarch&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "systemd", + "version": "252-55.el9_7.7" } ], "metadataType": "RpmMetadata", @@ -8113,85 +11373,69 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-1757", + "cwe": "CWE-401", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:7.76.1-35.el9_7.3" - ], - "state": "fixed", - "available": [ - { - "version": "0:7.76.1-35.el9_7.3", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1350", - "link": "https://access.redhat.com/errata/RHSA-2026:1350" - } - ], - "risk": 0.018025 + "advisories": [], + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -8199,25 +11443,25 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00035, - "percentile": 0.09824, - "date": "2026-03-09" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-1757", + "cwe": "CWE-401", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8225,24 +11469,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" - }, - "fix": { - "suggestedVersion": "0:7.76.1-35.el9_7.3" + "vulnerabilityID": "CVE-2026-1757", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -8259,22 +11500,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8284,100 +11514,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01728 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8393,21 +11623,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8421,13 +11654,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8438,20 +11671,20 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8459,65 +11692,79 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014739999999999998 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8525,7 +11772,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8533,21 +11780,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8561,14 +11811,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8578,100 +11839,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01449 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.009785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8679,7 +11940,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8687,21 +11948,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8715,14 +11979,29 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8732,139 +12011,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-70873", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-70873", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.013770000000000001 + "advisories": [], + "risk": 0.009134999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-70873", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054", + "https://sqlite.org/forum/forumpost/761eac3c82", + "https://sqlite.org/src/info/3d459f1fb1bd1b5e" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00018, - "percentile": 0.04322, - "date": "2026-03-09" + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8872,24 +12107,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-70873", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -8903,14 +12135,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8920,38 +12163,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -8960,34 +12203,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 3.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -8995,17 +12234,17 @@ ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9021,21 +12260,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9049,23 +12288,23 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -9077,38 +12316,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9117,42 +12356,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, + "baseScore": 6.5, + "exploitabilityScore": 3.9, "impactScore": 2.6 }, "vendorMetadata": {} @@ -9160,17 +12387,17 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9178,7 +12405,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9186,21 +12413,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9214,14 +12441,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9231,38 +12469,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9271,42 +12509,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012759999999999999 + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9314,17 +12540,17 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9332,7 +12558,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9340,21 +12566,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2026-3783", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9368,14 +12594,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9385,44 +12622,38 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9431,53 +12662,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0118 + "risk": 0.00856 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9485,7 +12711,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9493,21 +12719,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2026-3783", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9521,14 +12747,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9538,45 +12775,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -9584,29 +12815,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.007425 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -9614,35 +12846,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -9657,21 +12883,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -9685,13 +12911,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9702,12 +12928,12 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-32776", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-32776", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", @@ -9723,18 +12949,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-32776", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2026-32776", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { @@ -9742,47 +12968,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01008 + "risk": 0.007279999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-32776", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-32776", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/libexpat/libexpat/pull/1158", + "https://github.com/libexpat/libexpat/pull/1159" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2026-32776", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2026-32776", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ] } @@ -9797,21 +13023,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", + "vulnerabilityID": "CVE-2026-32776", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -9828,10 +13054,10 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9842,82 +13068,86 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -9925,17 +13155,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9951,24 +13181,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -9982,99 +13212,103 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10082,17 +13316,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10108,24 +13342,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10139,128 +13373,142 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-27", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.009785 + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10268,7 +13516,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10276,24 +13524,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], - "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10307,69 +13555,60 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10393,49 +13632,53 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0072250000000000005 + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -10444,7 +13687,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10453,12 +13696,12 @@ }, "package": { "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", + "vulnerabilityID": "CVE-2025-11187", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -10467,8 +13710,8 @@ } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", + "id": "9620df42e45abf0c", + "name": "openssl-libs", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -10486,11 +13729,22 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -10500,104 +13754,99 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", + "cve": "CVE-2025-30258", "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0072250000000000005 + "advisories": [], + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", + "cve": "CVE-2025-30258", "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10605,7 +13854,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10613,24 +13862,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-30258", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -10644,150 +13890,137 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.007214999999999999 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10795,24 +14028,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -10826,131 +14056,142 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" }, { - "cve": "CVE-2025-11187", + "cve": "CVE-2022-3219", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.007214999999999999 + "advisories": [], + "risk": 0.006899999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" }, { - "cve": "CVE-2025-11187", + "cve": "CVE-2022-3219", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -10958,7 +14199,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10966,24 +14207,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -10997,48 +14235,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11046,18 +14273,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -11065,41 +14292,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11107,18 +14321,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -11133,21 +14347,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -11161,13 +14375,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11178,91 +14392,110 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -11278,21 +14511,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -11306,56 +14539,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-32778", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-32778", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in libexpat. This vulnerability allows an attacker to trigger a NULL pointer dereference in the `setContext` function. This occurs when the system attempts to retry an operation after an out-of-memory condition, which can lead to a Denial of Service (DoS) for the affected application.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.1, + "exploitabilityScore": 1.5, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-32778", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-32778", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { @@ -11363,59 +14596,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.006565 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-32778", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-32778", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://github.com/libexpat/libexpat/pull/1159", + "https://github.com/libexpat/libexpat/pull/1163" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-32778", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-32778", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11423,21 +14651,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-32778", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -11451,72 +14679,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ], @@ -11525,66 +14736,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ] @@ -11592,7 +14783,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11600,21 +14791,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd197aae1b6fd3b", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -11628,25 +14819,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -11656,99 +14836,104 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.006875 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" - ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11764,21 +14949,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11792,111 +14980,129 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11904,21 +15110,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11932,127 +15141,103 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.006695 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" - ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} - } + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0060999999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "namespace": "nvd:cpe", + "severity": "Unknown", + "urls": [ + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -12068,21 +15253,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12096,37 +15281,37 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12134,18 +15319,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -12153,47 +15338,36 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" - ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -12208,21 +15382,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl-fips-provider", + "version": "0:3.0.7-8.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "4f0f0ad93452efa2", + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9", "type": "rpm", "locations": [ { @@ -12236,13 +15410,23 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12253,103 +15437,74 @@ }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12358,7 +15513,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12366,24 +15521,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "039e508ce9d5da38", + "name": "openssl-fips-provider-so", + "version": "3.0.7-8.el9", "type": "rpm", "locations": [ { @@ -12397,120 +15549,110 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", + "upstreams": [ + { + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0061600000000000005 + "advisories": [], + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12533,11 +15675,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" } } ], @@ -12586,45 +15725,39 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-32777", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-32777", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted Document Type Definition (DTD) content. This could lead to an infinite loop during parsing, resulting in a Denial of Service (DoS) for the application using libexpat.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2026-32777", "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "percentile": 0.01861, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-32777", + "cwe": "CWE-835", + "source": "cve@mitre.org", "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { @@ -12632,68 +15765,228 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.00585 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-32777", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-32777", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libexpat/libexpat/issues/1161", + "https://github.com/libexpat/libexpat/pull/1159", + "https://github.com/libexpat/libexpat/pull/1162", + "https://issues.oss-fuzz.com/issues/486993411" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "libexpat before 2.7.5 allows an infinite loop while parsing DTD content.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-32777", + "epss": 0.00013, + "percentile": 0.01861, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-32777", + "cwe": "CWE-835", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-32777", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00008, + "percentile": 0.00733, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.00508 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + "https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/errata/RHSA-2026:2064", + "https://access.redhat.com/errata/RHSA-2026:2072", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", + "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2025-13601", + "epss": 0.00008, + "percentile": 0.00733, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -12709,21 +16002,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -12737,13 +16033,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12754,125 +16050,106 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.68.4-18.el9_7.1" + "0:3.8.3-10.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" } ], - "risk": 0.00508 + "risk": 0.004899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/errata/RHSA-2026:1323", - "https://access.redhat.com/errata/RHSA-2026:1324", - "https://access.redhat.com/errata/RHSA-2026:1326", - "https://access.redhat.com/errata/RHSA-2026:1327", - "https://access.redhat.com/errata/RHSA-2026:1465", - "https://access.redhat.com/errata/RHSA-2026:1608", - "https://access.redhat.com/errata/RHSA-2026:1624", - "https://access.redhat.com/errata/RHSA-2026:1625", - "https://access.redhat.com/errata/RHSA-2026:1626", - "https://access.redhat.com/errata/RHSA-2026:1627", - "https://access.redhat.com/errata/RHSA-2026:1652", - "https://access.redhat.com/errata/RHSA-2026:1736", - "https://access.redhat.com/errata/RHSA-2026:2064", - "https://access.redhat.com/errata/RHSA-2026:2072", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2633", - "https://access.redhat.com/errata/RHSA-2026:2659", - "https://access.redhat.com/errata/RHSA-2026:2671", - "https://access.redhat.com/errata/RHSA-2026:2974", - "https://access.redhat.com/errata/RHSA-2026:3415", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00008, - "percentile": 0.0074, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -12889,24 +16166,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:3.8.3-10.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -12920,13 +16197,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12960,8 +16237,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03626, - "date": "2026-03-09" + "percentile": 0.03605, + "date": "2026-03-16" } ], "cwes": [ @@ -13020,8 +16297,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03626, - "date": "2026-03-09" + "percentile": 0.03605, + "date": "2026-03-16" } ], "cwes": [ @@ -13112,8 +16389,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13175,8 +16452,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13270,8 +16547,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13333,8 +16610,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13439,8 +16716,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13502,8 +16779,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -13612,8 +16889,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -13672,8 +16949,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -13739,151 +17016,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00385 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -13909,8 +17041,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -13958,8 +17090,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14061,8 +17193,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14110,8 +17242,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -14213,8 +17345,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14283,8 +17415,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14383,8 +17515,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14453,8 +17585,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14553,8 +17685,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14623,8 +17755,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14723,8 +17855,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14793,8 +17925,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14893,8 +18025,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -14963,8 +18095,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15063,8 +18195,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15133,8 +18265,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15234,8 +18366,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15304,8 +18436,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-03-09" + "percentile": 0.00307, + "date": "2026-03-16" } ], "cwes": [ @@ -15414,8 +18546,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15477,8 +18609,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15572,8 +18704,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15635,8 +18767,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -15741,8 +18873,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -15789,8 +18921,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -15881,8 +19013,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -15942,8 +19074,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -16034,8 +19166,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -16097,8 +19229,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -16189,8 +19321,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16255,8 +19387,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16350,8 +19482,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16416,8 +19548,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -16504,7 +19636,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", + "description": "A null pointer dereference flaw has been discovered in libexpat. The function `XML_ExternalEntityParserCreate` failed to copy the encoding handler data passed to XML_SetUnknownEncodingHandler from the parent to the new subparser. This can cause a NULL dereference from external entities that declare use of an unknown encoding. The expected impact is denial of service. It takes use of both functions `XML_ExternalEntityParserCreate` and `XML_SetUnknownEncodingHandler` for an application to be vulnerable.", "cvss": [ { "type": "Secondary", @@ -16522,8 +19654,8 @@ { "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00246, - "date": "2026-03-09" + "percentile": 0.00244, + "date": "2026-03-16" } ], "cwes": [ @@ -16581,8 +19713,8 @@ { "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00246, - "date": "2026-03-09" + "percentile": 0.00244, + "date": "2026-03-16" } ], "cwes": [ @@ -16655,7 +19787,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -16752,7 +19884,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -17249,107 +20381,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/agent/grype-26.1.1.md b/docs/security/agent/grype-26.1.1.md index a3f6db7..9ea669a 100644 --- a/docs/security/agent/grype-26.1.1.md +++ b/docs/security/agent/grype-26.1.1.md @@ -7,6 +7,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| libarchive | 3.5.3-6.el9_6 | [CVE-2026-4111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -15,21 +16,36 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | fluent-bit | 26.1.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 26.1.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | gnutls | 3.8.3-9.el9 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| systemd | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd-libs | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd-pam | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd-rpm-macros | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-32776](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32776) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-32778](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32778) | Medium | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-32777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32777) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -68,7 +84,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | @@ -77,6 +92,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -86,25 +102,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| sqlite-libs | 3.34.1-9.el9_7 | [CVE-2025-70873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-70873) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider | 3.0.7-8.el9 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider-so | 3.0.7-8.el9 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | diff --git a/docs/security/agent/grype-26.2.4.json b/docs/security/agent/grype-26.2.4.json index 7f7cac3..4a2c64f 100644 --- a/docs/security/agent/grype-26.2.4.json +++ b/docs/security/agent/grype-26.2.4.json @@ -25,8 +25,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -104,8 +104,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -208,8 +208,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -253,8 +253,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -348,8 +348,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ], "fix": { @@ -393,8 +393,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00949, - "percentile": 0.76074, - "date": "2026-03-09" + "percentile": 0.76142, + "date": "2026-03-16" } ] } @@ -488,8 +488,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -554,8 +554,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -657,8 +657,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -723,8 +723,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75109, - "date": "2026-03-09" + "percentile": 0.75174, + "date": "2026-03-16" } ], "cwes": [ @@ -826,8 +826,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -882,8 +882,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74556, - "date": "2026-03-09" + "percentile": 0.74619, + "date": "2026-03-16" } ], "cwes": [ @@ -974,8 +974,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1047,8 +1047,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1150,8 +1150,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1223,8 +1223,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.72258, - "date": "2026-03-09" + "percentile": 0.72321, + "date": "2026-03-16" } ], "cwes": [ @@ -1326,8 +1326,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1375,8 +1375,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1467,8 +1467,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1516,8 +1516,8 @@ { "cve": "CVE-2024-41996", "epss": 0.0043, - "percentile": 0.62158, - "date": "2026-03-09" + "percentile": 0.62216, + "date": "2026-03-16" } ], "cwes": [ @@ -1619,8 +1619,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -1679,8 +1679,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00258, - "percentile": 0.48817, - "date": "2026-03-09" + "percentile": 0.48897, + "date": "2026-03-16" } ], "cwes": [ @@ -1771,8 +1771,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -1820,8 +1820,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59786, - "date": "2026-03-09" + "percentile": 0.59847, + "date": "2026-03-16" } ], "cwes": [ @@ -1912,8 +1912,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -1979,8 +1979,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39253, - "date": "2026-03-09" + "percentile": 0.39254, + "date": "2026-03-16" } ], "cwes": [ @@ -2077,8 +2077,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2152,8 +2152,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.43951, - "date": "2026-03-09" + "percentile": 0.44004, + "date": "2026-03-16" } ], "cwes": [ @@ -2250,8 +2250,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -2346,8 +2346,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41718, - "date": "2026-03-09" + "percentile": 0.41732, + "date": "2026-03-16" } ], "cwes": [ @@ -2450,8 +2450,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -2504,8 +2504,8 @@ { "cve": "CVE-2025-60753", "epss": 0.00082, - "percentile": 0.23988, - "date": "2026-03-09" + "percentile": 0.23965, + "date": "2026-03-16" } ], "cwes": [ @@ -2602,8 +2602,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -2650,8 +2650,8 @@ { "cve": "CVE-2026-1489", "epss": 0.00073, - "percentile": 0.21937, - "date": "2026-03-09" + "percentile": 0.21907, + "date": "2026-03-16" } ], "cwes": [ @@ -2742,8 +2742,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -2792,8 +2792,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22635, - "date": "2026-03-09" + "percentile": 0.22609, + "date": "2026-03-16" } ], "cwes": [ @@ -2884,8 +2884,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -2932,8 +2932,8 @@ { "cve": "CVE-2026-1484", "epss": 0.00073, - "percentile": 0.22032, - "date": "2026-03-09" + "percentile": 0.21998, + "date": "2026-03-16" } ], "cwes": [ @@ -3001,39 +3001,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -3041,28 +3041,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3070,25 +3070,25 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.17831, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3096,21 +3096,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-35.el9_7.3" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "80060905a7bc7a57", + "name": "curl-minimal", + "version": "7.76.1-35.el9_7.3", "type": "rpm", "locations": [ { @@ -3127,11 +3127,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-35.el9_7.3" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3141,38 +3152,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 1.7, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -3181,25 +3192,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031049999999999994 + "risk": 0.03186 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 6.5, "exploitabilityScore": 2.9, @@ -3210,17 +3221,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2026-1965", "epss": 0.00054, - "percentile": 0.16527, - "date": "2026-03-09" + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -3228,7 +3239,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3236,21 +3247,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7.1" + "name": "curl", + "version": "7.76.1-35.el9_7.3" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2026-1965", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "30f092785d030af5", - "name": "glib2", - "version": "2.68.4-18.el9_7.1", + "id": "17f6388a8875d95e", + "name": "libcurl-minimal", + "version": "7.76.1-35.el9_7.3", "type": "rpm", "locations": [ { @@ -3264,14 +3275,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-35.el9_7.3" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3281,20 +3303,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3302,18 +3324,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3321,58 +3343,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.028104999999999998 + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17853, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -3387,21 +3398,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-7.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "019f13958fa4dc68", - "name": "openssl", - "version": "1:3.5.1-7.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -3415,37 +3426,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3453,76 +3464,65 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0.028104999999999998 + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00073, - "percentile": 0.22029, - "date": "2026-03-09" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16517, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -3530,7 +3530,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3538,21 +3538,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-7.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "15b6910272a6e502", - "name": "openssl-libs", - "version": "1:3.5.1-7.el9_7", + "id": "30f092785d030af5", + "name": "glib2", + "version": "2.68.4-18.el9_7.1", "type": "rpm", "locations": [ { @@ -3566,65 +3566,54 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-7.el9_7" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2026-4111", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4111", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2026-4111", + "cwe": "CWE-835", "source": "secalert@redhat.com", "type": "Primary" } @@ -3634,45 +3623,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.027804999999999996 + "risk": 0.028499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2026-4111", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/security/cve/CVE-2026-4111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", + "https://github.com/libarchive/libarchive/pull/2877" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00083, - "percentile": 0.24128, - "date": "2026-03-09" + "cve": "CVE-2026-4111", + "epss": 0.00038, + "percentile": 0.11017, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2026-4111", + "cwe": "CWE-835", "source": "secalert@redhat.com", "type": "Primary" } @@ -3689,21 +3679,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2026-4111", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "30f092785d030af5", - "name": "glib2", - "version": "2.68.4-18.el9_7.1", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -3717,13 +3707,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3734,20 +3724,20 @@ }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3755,18 +3745,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -3774,49 +3764,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -3831,21 +3830,21 @@ "version": "9.7" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "openssl", + "version": "1:3.5.1-7.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3761cee678a57b02", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "019f13958fa4dc68", + "name": "openssl", + "version": "1:3.5.1-7.el9_7", "type": "rpm", "locations": [ { @@ -3859,37 +3858,37 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3897,10 +3896,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -3908,42 +3915,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.21995, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -3958,21 +3981,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "openssl", + "version": "3.5.1-7.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cb11b32d6ce6627c", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "15b6910272a6e502", + "name": "openssl-libs", + "version": "1:3.5.1-7.el9_7", "type": "rpm", "locations": [ { @@ -3986,48 +4009,48 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "openssl", + "version": "3.5.1-7.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4035,10 +4058,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4046,31 +4077,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.027590000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4078,17 +4108,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15511, - "date": "2026-03-09" + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4096,21 +4134,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "3761cee678a57b02", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -4124,25 +4162,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4152,20 +4179,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4173,18 +4200,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" } ], "fix": { @@ -4192,60 +4211,42 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" } ] } @@ -4260,21 +4261,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "cb11b32d6ce6627c", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { @@ -4288,17 +4289,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -4310,20 +4317,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4331,18 +4338,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" } ], "fix": { @@ -4350,60 +4349,42 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15514, + "date": "2026-03-16" } ] } @@ -4418,21 +4399,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { @@ -4446,17 +4427,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -4468,12 +4455,12 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "type": "Secondary", @@ -4489,66 +4476,84 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-10.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019090000000000003 + "advisories": [ + { + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" + } + ], + "risk": 0.023175 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -4563,21 +4568,24 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-10.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -4591,13 +4599,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4608,39 +4616,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4648,23 +4656,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019090000000000003 + "risk": 0.023164999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -4677,18 +4687,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00046, - "percentile": 0.13863, - "date": "2026-03-09" + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -4703,23 +4713,23 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "curl", + "version": "7.76.1-35.el9_7.3" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-3805", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", - "type": "rpm", - "locations": [ + "id": "80060905a7bc7a57", + "name": "curl-minimal", + "version": "7.76.1-35.el9_7.3", + "type": "rpm", + "locations": [ { "path": "/var/lib/rpm/rpmdb.sqlite", "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", @@ -4731,23 +4741,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "curl", + "version": "7.76.1-35.el9_7.3" } ], "metadataType": "RpmMetadata", @@ -4759,38 +4769,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2026-3805", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -4799,47 +4809,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.023164999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4847,7 +4858,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4855,21 +4866,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "curl", + "version": "7.76.1-35.el9_7.3" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2026-3805", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "17f6388a8875d95e", + "name": "libcurl-minimal", + "version": "7.76.1-35.el9_7.3", "type": "rpm", "locations": [ { @@ -4883,14 +4894,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-35.el9_7.3" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4900,39 +4922,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -4940,61 +4962,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01728 + "risk": 0.023114999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00036, - "percentile": 0.10298, - "date": "2026-03-09" + "cve": "CVE-2026-0988", + "epss": 0.00069, + "percentile": 0.20995, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5009,21 +5017,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-0988", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "30f092785d030af5", + "name": "glib2", + "version": "2.68.4-18.el9_7.1", "type": "rpm", "locations": [ { @@ -5037,13 +5045,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5054,39 +5062,39 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5094,54 +5102,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014739999999999998 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13117, - "date": "2026-03-09" - } + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" + } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5149,21 +5170,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7.1" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "30f092785d030af5", - "name": "glib2", - "version": "2.68.4-18.el9_7.1", + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -5177,14 +5198,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5194,39 +5220,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5234,68 +5260,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01449 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00042, - "percentile": 0.12557, - "date": "2026-03-09" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5303,21 +5328,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -5331,14 +5356,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5348,39 +5378,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5388,60 +5418,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08073, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5449,21 +5473,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -5477,25 +5501,14 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5505,39 +5518,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5545,68 +5558,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00038, - "percentile": 0.11014, - "date": "2026-03-09" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13865, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5916", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5614,21 +5613,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -5645,11 +5644,22 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5659,37 +5669,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 2.8, + "baseScore": 6.6, "exploitabilityScore": 1.4, - "impactScore": 1.5 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" } @@ -5699,59 +5709,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012759999999999999 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5, + "baseScore": 6.6, "exploitabilityScore": 1.4, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 2.8, + "baseScore": 6.6, "exploitabilityScore": 1.4, - "impactScore": 1.5 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00044, - "percentile": 0.13075, - "date": "2026-03-09" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" } @@ -5774,7 +5784,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } @@ -5813,44 +5823,38 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -5859,53 +5863,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0118 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.1312, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -5921,21 +5918,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "30f092785d030af5", + "name": "glib2", + "version": "2.68.4-18.el9_7.1", "type": "rpm", "locations": [ { @@ -5949,13 +5946,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5966,45 +5963,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -6012,28 +6003,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, + "baseScore": 6.6, + "exploitabilityScore": 1.4, "impactScore": 5.2 }, "vendorMetadata": {} @@ -6042,10 +6035,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, + "baseScore": 3.9, + "exploitabilityScore": 1.4, "impactScore": 2.6 }, "vendorMetadata": {} @@ -6053,24 +6046,18 @@ ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06199, - "date": "2026-03-09" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12547, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -6085,21 +6072,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6113,13 +6100,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6130,37 +6117,37 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6170,45 +6157,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01008 + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00018, - "percentile": 0.04164, - "date": "2026-03-09" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08052, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6217,7 +6210,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6225,21 +6218,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6253,14 +6246,25 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6270,38 +6274,38 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -6310,59 +6314,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06354, - "date": "2026-03-09" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11016, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6378,21 +6383,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-5.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "6612ed205a98e91d", - "name": "gnupg2", - "version": "2.3.3-5.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6406,13 +6411,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-5.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6423,20 +6428,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -6444,17 +6449,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -6463,51 +6468,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5, + "exploitabilityScore": 1.4, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6523,21 +6537,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-7.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "019f13958fa4dc68", - "name": "openssl", - "version": "1:3.5.1-7.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6551,55 +6565,61 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -6608,51 +6628,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0070149999999999995 + "risk": 0.01239 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2026-22185", + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -6660,7 +6682,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6668,21 +6690,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-7.el9_7" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "15b6910272a6e502", - "name": "openssl-libs", - "version": "1:3.5.1-7.el9_7", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -6696,73 +6718,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-7.el9_7" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -6770,42 +6775,178 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.01098 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-7.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "019f13958fa4dc68", + "name": "openssl", + "version": "1:3.5.1-7.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01098 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6813,24 +6954,18 @@ ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04243, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -6845,21 +6980,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "openssl", + "version": "3.5.1-7.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd197aae1b6fd3b", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "15b6910272a6e502", + "name": "openssl-libs", + "version": "1:3.5.1-7.el9_7", "type": "rpm", "locations": [ { @@ -6873,67 +7008,73 @@ ], "language": "", "licenses": [ - "Public Domain" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "openssl", + "version": "3.5.1-7.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6941,30 +7082,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006875 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -6972,28 +7112,3173 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00025, - "percentile": 0.06308, - "date": "2026-03-09" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06196, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01053 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" + ], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "systemd", + "version": "0:252-55.el9_7.7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-4105", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "61ec5b5e59ecabc9", + "name": "systemd", + "version": "252-55.el9_7.7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and MIT and GPLv2+" + ], + "cpes": [ + "cpe:2.3:a:systemd:systemd:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd:252-55.el9_7.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01053 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" + ], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "systemd", + "version": "252-55.el9_7.7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-4105", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7f20fd2ed36b259b", + "name": "systemd-libs", + "version": "252-55.el9_7.7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and MIT" + ], + "cpes": [ + "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01053 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" + ], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "systemd", + "version": "252-55.el9_7.7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-4105", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "6acd5815fd39e6e0", + "name": "systemd-pam", + "version": "252-55.el9_7.7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and MIT and GPLv2+" + ], + "cpes": [ + "cpe:2.3:a:systemd-pam:systemd-pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-pam:systemd_pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_pam:systemd-pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_pam:systemd_pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-pam:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_pam:252-55.el9_7.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-pam@252-55.el9_7.7?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-4105", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01053 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" + ], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "systemd", + "version": "252-55.el9_7.7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-4105", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "fad2f8c1542af0f5", + "name": "systemd-rpm-macros", + "version": "252-55.el9_7.7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and MIT and GPLv2+" + ], + "cpes": [ + "cpe:2.3:a:systemd-rpm-macros:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm-macros:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm_macros:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm_macros:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-rpm-macros:252-55.el9_7.7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_rpm_macros:252-55.el9_7.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-rpm-macros@252-55.el9_7.7?arch=noarch&distro=rhel-9.7&upstream=systemd-252-55.el9_7.7.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1757", + "cwe": "CWE-401", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01008 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009" + ], + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04337, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1757", + "cwe": "CWE-401", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1757", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-70873", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-70873", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009134999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-70873", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054", + "https://sqlite.org/forum/forumpost/761eac3c82", + "https://sqlite.org/src/info/3d459f1fb1bd1b5e" + ], + "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-70873", + "epss": 0.00029, + "percentile": 0.07975, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-70873", + "cwe": "CWE-244", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-70873", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008624999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" + ], + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-35.el9_7.3" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3784", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "80060905a7bc7a57", + "name": "curl-minimal", + "version": "7.76.1-35.el9_7.3", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-35.el9_7.3" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3784", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008624999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" + ], + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-35.el9_7.3" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3784", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "17f6388a8875d95e", + "name": "libcurl-minimal", + "version": "7.76.1-35.el9_7.3", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-35.el9_7.3" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00856 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" + ], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-35.el9_7.3" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "80060905a7bc7a57", + "name": "curl-minimal", + "version": "7.76.1-35.el9_7.3", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-35.el9_7.3" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-3783", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.7, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00856 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" + ], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-35.el9_7.3" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "17f6388a8875d95e", + "name": "libcurl-minimal", + "version": "7.76.1-35.el9_7.3", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-35.el9_7.3" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007425 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + ], + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6170", + "epss": 0.00027, + "percentile": 0.07274, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-32776", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-32776", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-32776", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-32776", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007279999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-32776", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-32776", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/libexpat/libexpat/pull/1158", + "https://github.com/libexpat/libexpat/pull/1159" + ], + "description": "libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.", + "cvss": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-32776", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-32776", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-32776", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007125000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + ], + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06345, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-5.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-30258", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "6612ed205a98e91d", + "name": "gnupg2", + "version": "2.3.3-5.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-5.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00693 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" + ], + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04206, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.006899999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00015, + "percentile": 0.03038, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-5.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "6612ed205a98e91d", + "name": "gnupg2", + "version": "2.3.3-5.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-5.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0067 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.0489, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.006695 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" + ], + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.0198, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-30571", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-32778", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-32778", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libexpat. This vulnerability allows an attacker to trigger a NULL pointer dereference in the `setContext` function. This occurs when the system attempts to retry an operation after an out-of-memory condition, which can lead to a Denial of Service (DoS) for the affected application.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.1, + "exploitabilityScore": 1.5, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-32778", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-32778", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.006565 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-32778", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-32778", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://github.com/libexpat/libexpat/pull/1159", + "https://github.com/libexpat/libexpat/pull/1163" + ], + "description": "libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.", + "cvss": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-32778", + "epss": 0.00013, + "percentile": 0.02042, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-32778", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-32778", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.006490000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05527, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0060999999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "namespace": "nvd:cpe", + "severity": "Unknown", + "urls": [ + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" + ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-7.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "019f13958fa4dc68", + "name": "openssl", + "version": "1:3.5.1-7.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0060999999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "namespace": "nvd:cpe", + "severity": "Unknown", + "urls": [ + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" + ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -7009,21 +10294,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl-fips-provider", + "version": "0:3.0.7-8.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "4f0f0ad93452efa2", + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9", "type": "rpm", "locations": [ { @@ -7037,13 +10322,23 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7054,20 +10349,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7075,18 +10370,18 @@ ], "epss": [ { - "cve": "CVE-2026-0989", + "cve": "CVE-2026-2673", "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -7094,54 +10389,43 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0067 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" - ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0989", + "cve": "CVE-2026-2673", "epss": 0.0002, - "percentile": 0.04896, - "date": "2026-03-09" + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7149,21 +10433,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "039e508ce9d5da38", + "name": "openssl-fips-provider-so", + "version": "3.0.7-8.el9", "type": "rpm", "locations": [ { @@ -7177,14 +10461,33 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm", + "upstreams": [ + { + "name": "openssl-fips-provider", + "version": "3.0.7-8.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7194,110 +10497,75 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2026-2673", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0060999999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" - ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} - } + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02062, - "date": "2026-03-09" + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -7305,7 +10573,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7313,21 +10581,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.5.1-7.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2026-2673", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "15b6910272a6e502", + "name": "openssl-libs", + "version": "1:3.5.1-7.el9_7", "type": "rpm", "locations": [ { @@ -7341,37 +10609,48 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-7.el9_7" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-32777", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-32777", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted Document Type Definition (DTD) content. This could lead to an infinite loop during parsing, resulting in a Denial of Service (DoS) for the application using libexpat.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7379,17 +10658,17 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-32777", + "epss": 0.00013, + "percentile": 0.01861, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2026-32777", + "cwe": "CWE-835", + "source": "cve@mitre.org", "type": "Primary" } ], @@ -7398,28 +10677,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.00585 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-32777", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-32777", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://github.com/libexpat/libexpat/issues/1161", + "https://github.com/libexpat/libexpat/pull/1159", + "https://github.com/libexpat/libexpat/pull/1162", + "https://issues.oss-fuzz.com/issues/486993411" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "libexpat before 2.7.5 allows an infinite loop while parsing DTD content.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7427,17 +10708,17 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05567, - "date": "2026-03-09" + "cve": "CVE-2026-32777", + "epss": 0.00013, + "percentile": 0.01861, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2026-32777", + "cwe": "CWE-835", + "source": "cve@mitre.org", "type": "Primary" } ] @@ -7453,21 +10734,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-32777", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -7484,10 +10765,10 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7498,90 +10779,89 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-10.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-10.el9_7", + "date": "2026-03-13", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.005979999999999999 + "advisories": [ + { + "id": "RHSA-2026:4188", + "link": "https://access.redhat.com/errata/RHSA-2026:4188" + } + ], + "risk": 0.004899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7589,23 +10869,17 @@ ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.02086, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7621,21 +10895,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-5.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 0:3.8.3-10.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-10.el9_7" } } ], "artifact": { - "id": "6612ed205a98e91d", - "name": "gnupg2", - "version": "2.3.3-5.el9_7", + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -7649,13 +10926,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-5.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7689,8 +10966,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03626, - "date": "2026-03-09" + "percentile": 0.03605, + "date": "2026-03-16" } ], "cwes": [ @@ -7749,8 +11026,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03626, - "date": "2026-03-09" + "percentile": 0.03605, + "date": "2026-03-16" } ], "cwes": [ @@ -7841,8 +11118,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -7901,8 +11178,8 @@ { "cve": "CVE-2026-24883", "epss": 0.00013, - "percentile": 0.01881, - "date": "2026-03-09" + "percentile": 0.01793, + "date": "2026-03-16" } ], "cwes": [ @@ -7968,151 +11245,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00385 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -8138,8 +11270,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -8187,8 +11319,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -8290,8 +11422,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -8339,8 +11471,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -8442,8 +11574,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -8490,8 +11622,8 @@ { "cve": "CVE-2026-1485", "epss": 0.00008, - "percentile": 0.00641, - "date": "2026-03-09" + "percentile": 0.00639, + "date": "2026-03-16" } ], "cwes": [ @@ -8582,8 +11714,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -8643,8 +11775,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00004, - "percentile": 0.00132, - "date": "2026-03-09" + "percentile": 0.0013, + "date": "2026-03-16" } ], "cwes": [ @@ -8735,8 +11867,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -8798,8 +11930,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -8872,7 +12004,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", + "description": "A null pointer dereference flaw has been discovered in libexpat. The function `XML_ExternalEntityParserCreate` failed to copy the encoding handler data passed to XML_SetUnknownEncodingHandler from the parent to the new subparser. This can cause a NULL dereference from external entities that declare use of an unknown encoding. The expected impact is denial of service. It takes use of both functions `XML_ExternalEntityParserCreate` and `XML_SetUnknownEncodingHandler` for an application to be vulnerable.", "cvss": [ { "type": "Secondary", @@ -8890,8 +12022,8 @@ { "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00246, - "date": "2026-03-09" + "percentile": 0.00244, + "date": "2026-03-16" } ], "cwes": [ @@ -8949,8 +12081,8 @@ { "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00246, - "date": "2026-03-09" + "percentile": 0.00244, + "date": "2026-03-16" } ], "cwes": [ @@ -9023,7 +12155,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -9120,7 +12252,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.", "cvss": [ { "type": "Secondary", @@ -9617,107 +12749,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/agent/grype-26.2.4.md b/docs/security/agent/grype-26.2.4.md index b90f8da..cd3fe51 100644 --- a/docs/security/agent/grype-26.2.4.md +++ b/docs/security/agent/grype-26.2.4.md @@ -5,17 +5,33 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| libarchive | 3.5.3-6.el9_6 | [CVE-2026-4111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111) | High | | glib2 | 2.68.4-18.el9_7.1 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | glib2 | 2.68.4-18.el9_7.1 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | | glib2 | 2.68.4-18.el9_7.1 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | +| curl-minimal | 7.76.1-35.el9_7.3 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | +| libcurl-minimal | 7.76.1-35.el9_7.3 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7.1 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | gnutls | 3.8.3-9.el9 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| curl-minimal | 7.76.1-35.el9_7.3 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | +| libcurl-minimal | 7.76.1-35.el9_7.3 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| systemd | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd-libs | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd-pam | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd-rpm-macros | 252-55.el9_7.7 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | +| curl-minimal | 7.76.1-35.el9_7.3 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl-minimal | 7.76.1-35.el9_7.3 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| curl-minimal | 7.76.1-35.el9_7.3 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| libcurl-minimal | 7.76.1-35.el9_7.3 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-32776](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32776) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-32778](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32778) | Medium | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-32777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32777) | Medium | | curl-minimal | 7.76.1-35.el9_7.3 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-35.el9_7.3 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-5.el9_7 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | @@ -38,10 +54,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | openssl | 1:3.5.1-7.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-7.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-18.el9_7.1 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | +| glib2 | 2.68.4-18.el9_7.1 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -51,18 +67,23 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | -| gnupg2 | 2.3.3-5.el9_7 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | openssl | 1:3.5.1-7.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-7.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| sqlite-libs | 3.34.1-9.el9_7 | [CVE-2025-70873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-70873) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-5.el9_7 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | +| sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| gnupg2 | 2.3.3-5.el9_7 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | -| gnupg2 | 2.3.3-5.el9_7 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | +| openssl | 1:3.5.1-7.el9_7 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider | 3.0.7-8.el9 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-fips-provider-so | 3.0.7-8.el9 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| openssl-libs | 1:3.5.1-7.el9_7 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | | gnupg2 | 2.3.3-5.el9_7 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | glib2 | 2.68.4-18.el9_7.1 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | zlib | 1.2.11-40.el9 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2026-24515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24515) | Low | diff --git a/docs/security/agent/grype-latest.md b/docs/security/agent/grype-latest.md index ca05dd8..8a023f9 100644 --- a/docs/security/agent/grype-latest.md +++ b/docs/security/agent/grype-latest.md @@ -1,6 +1,7 @@ ## Known agent vulnerabilities -High and critical vulnerabilities not triaged for the latest version (ghcr.io/telemetryforge/agent:26.2.4) of the agent are shown below, as reported by Grype. +High and critical vulnerabilities not triaged for the latest version (ghcr.io/telemetryforge/agent:26.3.3) of the agent are shown below, as reported by Grype. | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| libarchive | 3.5.3-6.el9_6 | [CVE-2026-4111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111) | High | diff --git a/docs/security/oss/grype-4.0.14.json b/docs/security/oss/grype-4.0.14.json index d431e02..0cf2a20 100644 --- a/docs/security/oss/grype-4.0.14.json +++ b/docs/security/oss/grype-4.0.14.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -215,8 +215,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -283,8 +283,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -383,8 +383,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87877, - "date": "2026-03-09" + "percentile": 0.87925, + "date": "2026-03-16" } ], "cwes": [ @@ -518,8 +518,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87877, - "date": "2026-03-09" + "percentile": 0.87925, + "date": "2026-03-16" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -673,8 +673,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -773,8 +773,8 @@ { "cve": "CVE-2017-17740", "epss": 0.02871, - "percentile": 0.86062, - "date": "2026-03-09" + "percentile": 0.86102, + "date": "2026-03-16" } ], "cwes": [ @@ -836,8 +836,8 @@ { "cve": "CVE-2017-17740", "epss": 0.02871, - "percentile": 0.86062, - "date": "2026-03-09" + "percentile": 0.86102, + "date": "2026-03-16" } ], "cwes": [ @@ -933,9 +933,9 @@ "epss": [ { "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30109, - "date": "2026-03-09" + "epss": 0.00132, + "percentile": 0.32612, + "date": "2026-03-16" } ], "cwes": [ @@ -965,7 +965,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" } ], - "risk": 0.093725 + "risk": 0.10758000000000001 }, "relatedVulnerabilities": [ { @@ -994,9 +994,9 @@ "epss": [ { "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30109, - "date": "2026-03-09" + "epss": 0.00132, + "percentile": 0.32612, + "date": "2026-03-16" } ], "cwes": [ @@ -1073,9 +1073,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82337, - "date": "2026-03-09" + "epss": 0.01912, + "percentile": 0.83113, + "date": "2026-03-16" } ], "fix": { @@ -1083,7 +1083,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08785 + "risk": 0.09560000000000002 }, "relatedVulnerabilities": [ { @@ -1127,9 +1127,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82337, - "date": "2026-03-09" + "epss": 0.01912, + "percentile": 0.83113, + "date": "2026-03-16" } ] } @@ -1205,8 +1205,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80809, - "date": "2026-03-09" + "percentile": 0.80861, + "date": "2026-03-16" } ], "cwes": [ @@ -1268,8 +1268,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80809, - "date": "2026-03-09" + "percentile": 0.80861, + "date": "2026-03-16" } ], "cwes": [ @@ -1363,8 +1363,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1423,8 +1423,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1508,8 +1508,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1568,8 +1568,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1644,8 +1644,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1704,8 +1704,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1785,8 +1785,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1845,8 +1845,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1933,9 +1933,9 @@ "epss": [ { "cve": "CVE-2026-2006", - "epss": 0.00075, - "percentile": 0.22442, - "date": "2026-03-09" + "epss": 0.00087, + "percentile": 0.24841, + "date": "2026-03-16" } ], "cwes": [ @@ -1965,7 +1965,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" } ], - "risk": 0.061125000000000006 + "risk": 0.070905 }, "relatedVulnerabilities": [ { @@ -1994,9 +1994,9 @@ "epss": [ { "cve": "CVE-2026-2006", - "epss": 0.00075, - "percentile": 0.22442, - "date": "2026-03-09" + "epss": 0.00087, + "percentile": 0.24841, + "date": "2026-03-16" } ], "cwes": [ @@ -2086,9 +2086,9 @@ "epss": [ { "cve": "CVE-2026-2005", - "epss": 0.00066, - "percentile": 0.20179, - "date": "2026-03-09" + "epss": 0.00076, + "percentile": 0.22508, + "date": "2026-03-16" } ], "cwes": [ @@ -2118,7 +2118,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" } ], - "risk": 0.053790000000000004 + "risk": 0.06194000000000001 }, "relatedVulnerabilities": [ { @@ -2147,9 +2147,9 @@ "epss": [ { "cve": "CVE-2026-2005", - "epss": 0.00066, - "percentile": 0.20179, - "date": "2026-03-09" + "epss": 0.00076, + "percentile": 0.22508, + "date": "2026-03-16" } ], "cwes": [ @@ -2240,8 +2240,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00102, - "percentile": 0.27974, - "date": "2026-03-09" + "percentile": 0.27935, + "date": "2026-03-16" } ], "fix": { @@ -2284,8 +2284,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00102, - "percentile": 0.27974, - "date": "2026-03-09" + "percentile": 0.27935, + "date": "2026-03-16" } ] } @@ -2339,6 +2339,154 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12818", + "epss": 0.00096, + "percentile": 0.26549, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] + }, + "advisories": [], + "risk": 0.052320000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://www.postgresql.org/support/security/CVE-2025-12818/" + ], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12818", + "epss": 0.00096, + "percentile": 0.26549, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "postgresql-15", + "version": "15.14-0+deb12u1" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" + } + } + ], + "artifact": { + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libpq5", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "upstreams": [ + { + "name": "postgresql-15" + } + ] + } + }, { "vulnerability": { "id": "CVE-2025-69421", @@ -2365,8 +2513,8 @@ { "cve": "CVE-2025-69421", "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ @@ -2443,8 +2591,8 @@ { "cve": "CVE-2025-69421", "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ @@ -2532,113 +2680,97 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", + "id": "CVE-2025-13151", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69419", + "cve": "CVE-2025-13151", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.045445 + "advisories": [], + "risk": 0.0465 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69419", + "cve": "CVE-2025-13151", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2646,146 +2778,148 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-69419", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "48b70e4d102cdd4b", + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libtasn1-6", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] + "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-0725", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "id": "CVE-2025-69419", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", - "cvss": [], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75428, - "date": "2026-03-09" + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0452 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.045445 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-0725", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-0725.html", - "https://curl.se/docs/CVE-2025-0725.json", - "https://hackerone.com/reports/2956023", - "http://www.openwall.com/lists/oss-security/2025/02/05/3", - "http://www.openwall.com/lists/oss-security/2025/02/06/2", - "http://www.openwall.com/lists/oss-security/2025/02/06/4", - "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", - "https://security.netapp.com/advisory/ntap-20250306-0009/" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.3, - "exploitabilityScore": 3.9, - "impactScore": 3.4 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75428, - "date": "2026-03-09" + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2800,129 +2934,150 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-0725", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "curl" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "cvss": [], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74804, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", + "cve": "CVE-2019-9192", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.044250000000000005 + "risk": 0.043000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74804, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", + "cve": "CVE-2019-9192", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -2931,7 +3086,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2939,67 +3094,85 @@ "version": "12" }, "package": { - "name": "libtasn1-6", - "version": "4.19.0-2+deb12u1" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2019-9192", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "48b70e4d102cdd4b", - "name": "libtasn1-6", - "version": "4.19.0-2+deb12u1", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libtasn1-6", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.0086, - "percentile": 0.74743, - "date": "2026-03-09" + "cve": "CVE-2019-1010025", + "epss": 0.00856, + "percentile": 0.74757, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -3009,29 +3182,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.043000000000000003 + "risk": 0.0428 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -3039,7 +3215,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -3050,16 +3226,16 @@ ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.0086, - "percentile": 0.74743, - "date": "2026-03-09" + "cve": "CVE-2019-1010025", + "epss": 0.00856, + "percentile": 0.74757, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -3082,7 +3258,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-9192", + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } @@ -3136,90 +3312,88 @@ }, { "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00856, - "percentile": 0.74696, - "date": "2026-03-09" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0428 + "risk": 0.039749999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00856, - "percentile": 0.74696, - "date": "2026-03-09" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -3240,7 +3414,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -3294,95 +3468,105 @@ }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2026-22796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22241, - "date": "2026-03-09" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.15-0+deb12u1" + "3.0.18-1~deb12u2" ], "state": "fixed", "available": [ { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.040330000000000005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.039654999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22241, - "date": "2026-03-09" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3398,65 +3582,88 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" - }, + "name": "openssl", + "version": "3.0.17-1~deb12u3" + }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3464,155 +3671,92 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "" }, "advisories": [], - "risk": 0.039749999999999994 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.14:*:*:*:*:*:*:*" + ], "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.0.14" + } }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", + "id": "c905f0929b4d792a", + "name": "fluent-bit", + "version": "4.0.14", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:5b569cad7f670f9ddc6815c98c7ed6f65d91e742fc4575e83f84a680734cd4e0", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.0.14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.0.14", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3620,65 +3764,55 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "cve": "CVE-2025-12817", + "epss": 0.0011, + "percentile": 0.29293, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { "versions": [ - "3.0.18-1~deb12u2" + "15.15-0+deb12u1" ], "state": "fixed", "available": [ { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" } ] }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.039654999999999996 + "advisories": [], + "risk": 0.03355 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3686,17 +3820,17 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "cve": "CVE-2025-12817", + "epss": 0.0011, + "percentile": 0.29293, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ] @@ -3712,164 +3846,48 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + "vulnerabilityID": "CVE-2025-12817", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" }, "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "openssl" + "name": "postgresql-15" } ] } }, - { - "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.037275 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.14:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.14" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "c905f0929b4d792a", - "name": "fluent-bit", - "version": "4.0.14", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:5b569cad7f670f9ddc6815c98c7ed6f65d91e742fc4575e83f84a680734cd4e0", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.14:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.0.14", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2019-1010024", @@ -3883,8 +3901,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70355, - "date": "2026-03-09" + "percentile": 0.70426, + "date": "2026-03-16" } ], "cwes": [ @@ -3947,8 +3965,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70355, - "date": "2026-03-09" + "percentile": 0.70426, + "date": "2026-03-16" } ], "cwes": [ @@ -4031,85 +4049,123 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2026-1965", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-1965", + "namespace": "debian:distro:debian:12", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion must first be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. One underlying reason being that Negotiate sometimes authenticates *connections* and not *requests*, contrary to how HTTP is designed to work. An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with `user1:password1` and then does another operation to the same server also using Negotiate but with `user2:password2` (while the previous connection is still alive) - the second request wrongly reused the same connection and since it then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1... The set of authentication methods to use is set with `CURLOPT_HTTPAUTH`. Applications can disable libcurl's reuse of connections and thus mitigate this problem, by using one of the following libcurl options to alter how connections are or are not reused: `CURLOPT_FRESH_CONNECT`, `CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the curl_multi API).", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "wont-fix" }, "advisories": [], - "risk": 0.027825000000000003 + "risk": 0.031049999999999994 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" + ], + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.14:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "12" + }, "package": { - "name": "fluent-bit", - "version": "4.0.14" - } + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-1965", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c905f0929b4d792a", - "name": "fluent-bit", - "version": "4.0.14", - "type": "binary", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:5b569cad7f670f9ddc6815c98c7ed6f65d91e742fc4575e83f84a680734cd4e0", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -4118,122 +4174,97 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.14:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.0.14", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.0055, - "percentile": 0.67585, - "date": "2026-03-09" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-385", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.0275 + "risk": 0.027825000000000003 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.0055, - "percentile": 0.67585, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-385", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.14:*:*:*:*:*:*:*" + ], "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.0.14" + } }, "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", + "id": "c905f0929b4d792a", + "name": "fluent-bit", + "version": "4.0.14", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:5b569cad7f670f9ddc6815c98c7ed6f65d91e742fc4575e83f84a680734cd4e0", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } @@ -4242,34 +4273,34 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.0.14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "purl": "pkg:github/fluent/fluent-bit@4.0.14", "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "cvss": [], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66224, - "date": "2026-03-09" + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67658, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -4278,60 +4309,50 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025750000000000002 + "risk": 0.0275 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66224, - "date": "2026-03-09" + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67658, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -4353,7 +4374,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-6829", + "vulnerabilityID": "CVE-2024-2236", "versionConstraint": "none (unknown)" } } @@ -4407,9 +4428,9 @@ "epss": [ { "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.14888, - "date": "2026-03-09" + "epss": 0.00056, + "percentile": 0.17356, + "date": "2026-03-16" } ], "cwes": [ @@ -4439,7 +4460,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" } ], - "risk": 0.022785 + "risk": 0.026039999999999994 }, "relatedVulnerabilities": [ { @@ -4468,9 +4489,9 @@ "epss": [ { "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.14888, - "date": "2026-03-09" + "epss": 0.00056, + "percentile": 0.17356, + "date": "2026-03-16" } ], "cwes": [ @@ -4537,77 +4558,221 @@ }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", - "severity": "Low", + "severity": "Negligible", "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20185, - "date": "2026-03-09" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.6631, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "15.15-0+deb12u1" - ], - "state": "fixed", - "available": [ - { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.02013 + "risk": 0.025750000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.6631, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2018-6829", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14831", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.7.9-2+deb12u6" + ], + "state": "fixed", + "available": [ + { + "version": "3.7.9-2+deb12u6", + "date": "2026-02-18", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6140-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" + } + ], + "risk": 0.023175 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" + ], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4615,17 +4780,17 @@ ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20185, - "date": "2026-03-09" + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4641,56 +4806,625 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "gnutls28", + "version": "3.7.9-2+deb12u5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 3.7.9-2+deb12u6 (deb)" + }, + "fix": { + "suggestedVersion": "3.7.9-2+deb12u6" + } + } + ], + "artifact": { + "id": "5458fd103c1e4fd3", + "name": "libgnutls30", + "version": "3.7.9-2+deb12u5", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgnutls30", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", + "upstreams": [ + { + "name": "gnutls28" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-0725", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2025-0725", + "epss": 0.00442, + "percentile": 0.62966, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-0725", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0221 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-0725", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-0725.html", + "https://curl.se/docs/CVE-2025-0725.json", + "https://hackerone.com/reports/2956023", + "http://www.openwall.com/lists/oss-security/2025/02/05/3", + "http://www.openwall.com/lists/oss-security/2025/02/06/2", + "http://www.openwall.com/lists/oss-security/2025/02/06/4", + "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", + "https://security.netapp.com/advisory/ntap-20250306-0009/" + ], + "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 7.3, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-0725", + "epss": 0.00442, + "percentile": 0.62966, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-0725", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-0725", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14819", + "epss": 0.00039, + "percentile": 0.11565, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.020085 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14819.html", + "https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" + ], + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14819", + "epss": 0.00039, + "percentile": 0.11565, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-14819", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.59944, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019700000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" + ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.59944, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01565 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" + ], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010023", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } }, - "fix": { - "suggestedVersion": "15.15-0+deb12u1" - } - } - ], - "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", - "type": "deb", - "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { - "evidence": "primary" + "evidence": "supporting" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "postgresql-15" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "id": "CVE-2025-14524", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -4707,18 +5441,18 @@ ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00039, - "percentile": 0.11553, - "date": "2026-03-09" + "cve": "CVE-2025-14524", + "epss": 0.0003, + "percentile": 0.08206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4726,20 +5460,21 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.020085 + "risk": 0.015449999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14819", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "id": "CVE-2025-14524", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14819.html", - "https://curl.se/docs/CVE-2025-14819.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/5" + "https://curl.se/docs/CVE-2025-14524.html", + "https://curl.se/docs/CVE-2025-14524.json", + "https://hackerone.com/reports/3459417", + "http://www.openwall.com/lists/oss-security/2026/01/07/4" ], - "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -4756,18 +5491,18 @@ ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00039, - "percentile": 0.11553, - "date": "2026-03-09" + "cve": "CVE-2025-14524", + "epss": 0.0003, + "percentile": 0.08206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4788,7 +5523,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14819", + "vulnerabilityID": "CVE-2025-14524", "versionConstraint": "none (unknown)" } } @@ -4823,79 +5558,88 @@ }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2026-0915", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00394, - "percentile": 0.59883, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.019700000000000002 + "risk": 0.014249999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00394, - "percentile": 0.59883, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4916,7 +5660,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } @@ -4970,81 +5714,53 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14831", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.7.9-2+deb12u6" - ], - "state": "fixed", - "available": [ - { - "version": "3.7.9-2+deb12u6", - "date": "2026-02-18", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6140-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" - } - ], - "risk": 0.019055 + "advisories": [], + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -5055,18 +5771,18 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5081,30 +5797,27 @@ "version": "12" }, "package": { - "name": "gnutls28", - "version": "3.7.9-2+deb12u5" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14831", - "versionConstraint": "< 3.7.9-2+deb12u6 (deb)" - }, - "fix": { - "suggestedVersion": "3.7.9-2+deb12u6" + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5458fd103c1e4fd3", - "name": "libgnutls30", - "version": "3.7.9-2+deb12u5", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgnutls30", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -5113,31 +5826,48 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gnutls28" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54089, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5145,66 +5875,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01565 + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54089, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5219,148 +5930,114 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libk5crypto3", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-14524", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.015449999999999998 + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14524", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14524.html", - "https://curl.se/docs/CVE-2025-14524.json", - "https://hackerone.com/reports/3459417", - "http://www.openwall.com/lists/oss-security/2026/01/07/4" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } @@ -5377,27 +6054,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14524", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -5406,100 +6083,92 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.014249999999999999 + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5514,60 +6183,41 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libkrb5support0", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } @@ -5585,8 +6235,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43824, - "date": "2026-03-09" + "percentile": 0.43875, + "date": "2026-03-16" } ], "cwes": [ @@ -5650,8 +6300,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43824, - "date": "2026-03-09" + "percentile": 0.43875, + "date": "2026-03-16" } ], "cwes": [ @@ -5724,74 +6374,88 @@ }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4105", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0103 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -5807,27 +6471,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -5836,95 +6500,100 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "krb5" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4105", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0103 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -5932,7 +6601,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -5940,27 +6609,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u4", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } @@ -5969,37 +6638,33 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2024-2379", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.4244, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2024-2379", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -6009,45 +6674,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.01025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2024-2379", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "http://seclists.org/fulldisclosure/2024/Jul/18", + "http://seclists.org/fulldisclosure/2024/Jul/19", + "http://seclists.org/fulldisclosure/2024/Jul/20", + "http://www.openwall.com/lists/oss-security/2024/03/27/2", + "https://curl.se/docs/CVE-2024-2379.html", + "https://curl.se/docs/CVE-2024-2379.json", + "https://hackerone.com/reports/2410774", + "https://security.netapp.com/advisory/ntap-20240531-0001/", + "https://support.apple.com/kb/HT214118", + "https://support.apple.com/kb/HT214119", + "https://support.apple.com/kb/HT214120" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.4244, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2024-2379", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -6064,27 +6738,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2024-2379", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -6093,92 +6767,118 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-22795", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0103 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.008925 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6193,125 +6893,155 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "krb5" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2024-2379", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", + "id": "CVE-2026-3784", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3784", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", - "cvss": [], + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42397, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.01025 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2379", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2024/Jul/18", - "http://seclists.org/fulldisclosure/2024/Jul/19", - "http://seclists.org/fulldisclosure/2024/Jul/20", - "http://www.openwall.com/lists/oss-security/2024/03/27/2", - "https://curl.se/docs/CVE-2024-2379.html", - "https://curl.se/docs/CVE-2024-2379.json", - "https://hackerone.com/reports/2410774", - "https://security.netapp.com/advisory/ntap-20240531-0001/", - "https://support.apple.com/kb/HT214118", - "https://support.apple.com/kb/HT214119", - "https://support.apple.com/kb/HT214120" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42397, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6332,7 +7062,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2379", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } @@ -6367,105 +7097,89 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", + "id": "CVE-2026-3783", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3783", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.008925 + "advisories": [], + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -6481,65 +7195,41 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "openssl" + "name": "curl" } ] } @@ -6557,8 +7247,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6624,8 +7314,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6706,8 +7396,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6773,8 +7463,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6864,8 +7554,8 @@ { "cve": "CVE-2025-68160", "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ @@ -6930,8 +7620,8 @@ { "cve": "CVE-2025-68160", "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ @@ -7030,8 +7720,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3258, - "date": "2026-03-09" + "percentile": 0.32482, + "date": "2026-03-16" } ], "cwes": [ @@ -7092,8 +7782,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3258, - "date": "2026-03-09" + "percentile": 0.32482, + "date": "2026-03-16" } ], "cwes": [ @@ -7198,66 +7888,238 @@ ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00659, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.006360000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00659, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "3.7.9-2+deb12u6" + ], + "state": "fixed", + "available": [ + { + "version": "3.7.9-2+deb12u6", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.006360000000000001 + "risk": 0.0063 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.9 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7273,60 +8135,44 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "gnutls28", + "version": "3.7.9-2+deb12u5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 3.7.9-2+deb12u6 (deb)" + }, + "fix": { + "suggestedVersion": "3.7.9-2+deb12u6" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "5458fd103c1e4fd3", + "name": "libgnutls30", + "version": "3.7.9-2+deb12u5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgnutls30", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", "upstreams": [ { - "name": "glibc" + "name": "gnutls28" } ] } @@ -7344,8 +8190,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7394,8 +8240,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7470,8 +8316,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7520,8 +8366,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7592,8 +8438,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -7642,8 +8488,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -7718,8 +8564,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -7768,8 +8614,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -7827,160 +8673,6 @@ "upstreams": [] } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "3.7.9-2+deb12u6" - ], - "state": "fixed", - "available": [ - { - "version": "3.7.9-2+deb12u6", - "date": "2026-02-27", - "kind": "first-observed" - } - ] - }, - "advisories": [], - "risk": 0.00495 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "gnutls28", - "version": "3.7.9-2+deb12u5" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "< 3.7.9-2+deb12u6 (deb)" - }, - "fix": { - "suggestedVersion": "3.7.9-2+deb12u6" - } - } - ], - "artifact": { - "id": "5458fd103c1e4fd3", - "name": "libgnutls30", - "version": "3.7.9-2+deb12u5", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgnutls30", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", - "upstreams": [ - { - "name": "gnutls28" - } - ] - } - }, { "vulnerability": { "id": "CVE-2017-14159", @@ -7994,8 +8686,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00092, - "percentile": 0.25756, - "date": "2026-03-09" + "percentile": 0.25729, + "date": "2026-03-16" } ], "cwes": [ @@ -8054,8 +8746,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00092, - "percentile": 0.25756, - "date": "2026-03-09" + "percentile": 0.25729, + "date": "2026-03-16" } ], "cwes": [ @@ -8139,8 +8831,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8187,8 +8879,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8272,8 +8964,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8320,8 +9012,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8396,8 +9088,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8444,8 +9136,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8525,8 +9217,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8573,8 +9265,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8649,8 +9341,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00072, - "percentile": 0.21754, - "date": "2026-03-09" + "percentile": 0.21722, + "date": "2026-03-16" } ], "cwes": [ @@ -8699,8 +9391,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00072, - "percentile": 0.21754, - "date": "2026-03-09" + "percentile": 0.21722, + "date": "2026-03-16" } ], "cwes": [ @@ -8774,9 +9466,9 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00069, - "percentile": 0.20993, - "date": "2026-03-09" + "epss": 0.00071, + "percentile": 0.21481, + "date": "2026-03-16" } ], "cwes": [ @@ -8792,7 +9484,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00345 + "risk": 0.00355 }, "relatedVulnerabilities": [ { @@ -8822,9 +9514,9 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00069, - "percentile": 0.20993, - "date": "2026-03-09" + "epss": 0.00071, + "percentile": 0.21481, + "date": "2026-03-16" } ], "cwes": [ @@ -8933,8 +9625,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -8996,8 +9688,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -9072,8 +9764,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9133,8 +9825,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9241,8 +9933,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9302,8 +9994,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9378,8 +10070,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9439,8 +10131,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9543,8 +10235,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9604,8 +10296,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9703,8 +10395,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9764,8 +10456,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9876,8 +10568,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -9942,8 +10634,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -10042,8 +10734,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -10109,8 +10801,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -10191,8 +10883,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -10258,8 +10950,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -10336,8 +11028,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "percentile": 0.08352, + "date": "2026-03-16" } ], "cwes": [ @@ -10386,8 +11078,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "percentile": 0.08352, + "date": "2026-03-16" } ], "cwes": [ @@ -10461,9 +11153,9 @@ "epss": [ { "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ @@ -10485,7 +11177,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.001 + "risk": 0.0010500000000000002 }, "relatedVulnerabilities": [ { @@ -10516,9 +11208,9 @@ "epss": [ { "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ @@ -10608,8 +11300,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00018, - "percentile": 0.04357, - "date": "2026-03-09" + "percentile": 0.0432, + "date": "2026-03-16" } ], "fix": { @@ -10651,8 +11343,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00018, - "percentile": 0.04357, - "date": "2026-03-09" + "percentile": 0.0432, + "date": "2026-03-16" } ] } @@ -10719,8 +11411,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -10768,8 +11460,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -11159,107 +11851,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/oss/grype-4.0.14.md b/docs/security/oss/grype-4.0.14.md index 0e32b1d..e67e8ec 100644 --- a/docs/security/oss/grype-4.0.14.md +++ b/docs/security/oss/grype-4.0.14.md @@ -12,8 +12,8 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2006) | High | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2005) | High | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | High | -| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | | libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | @@ -21,12 +21,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Medium | | fluent-bit | 4.0.14 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | fluent-bit | 4.0.14 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2003) | Medium | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | +| libsystemd0 | 254.26-1~bpo12+1 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd | 254.26-1~bpo12+1 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Medium | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Medium | | zlib1g | 1:1.2.13.dfsg-1 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Medium | @@ -40,19 +45,19 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | +| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.1.0.json b/docs/security/oss/grype-4.1.0.json index addcb29..7320713 100644 --- a/docs/security/oss/grype-4.1.0.json +++ b/docs/security/oss/grype-4.1.0.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -215,8 +215,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -283,8 +283,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -383,8 +383,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87877, - "date": "2026-03-09" + "percentile": 0.87925, + "date": "2026-03-16" } ], "cwes": [ @@ -518,8 +518,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87877, - "date": "2026-03-09" + "percentile": 0.87925, + "date": "2026-03-16" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -673,8 +673,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -773,8 +773,8 @@ { "cve": "CVE-2017-17740", "epss": 0.02871, - "percentile": 0.86062, - "date": "2026-03-09" + "percentile": 0.86102, + "date": "2026-03-16" } ], "cwes": [ @@ -836,8 +836,8 @@ { "cve": "CVE-2017-17740", "epss": 0.02871, - "percentile": 0.86062, - "date": "2026-03-09" + "percentile": 0.86102, + "date": "2026-03-16" } ], "cwes": [ @@ -937,8 +937,8 @@ { "cve": "CVE-2025-12970", "epss": 0.00156, - "percentile": 0.36193, - "date": "2026-03-09" + "percentile": 0.36163, + "date": "2026-03-16" } ], "cwes": [ @@ -1029,9 +1029,9 @@ "epss": [ { "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30109, - "date": "2026-03-09" + "epss": 0.00132, + "percentile": 0.32612, + "date": "2026-03-16" } ], "cwes": [ @@ -1061,7 +1061,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" } ], - "risk": 0.093725 + "risk": 0.10758000000000001 }, "relatedVulnerabilities": [ { @@ -1090,9 +1090,9 @@ "epss": [ { "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30109, - "date": "2026-03-09" + "epss": 0.00132, + "percentile": 0.32612, + "date": "2026-03-16" } ], "cwes": [ @@ -1169,9 +1169,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82337, - "date": "2026-03-09" + "epss": 0.01912, + "percentile": 0.83113, + "date": "2026-03-16" } ], "fix": { @@ -1179,7 +1179,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08785 + "risk": 0.09560000000000002 }, "relatedVulnerabilities": [ { @@ -1223,9 +1223,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82337, - "date": "2026-03-09" + "epss": 0.01912, + "percentile": 0.83113, + "date": "2026-03-16" } ] } @@ -1317,8 +1317,8 @@ { "cve": "CVE-2025-12977", "epss": 0.00092, - "percentile": 0.25704, - "date": "2026-03-09" + "percentile": 0.25677, + "date": "2026-03-16" } ], "cwes": [ @@ -1412,8 +1412,8 @@ { "cve": "CVE-2025-12978", "epss": 0.00153, - "percentile": 0.35776, - "date": "2026-03-09" + "percentile": 0.35748, + "date": "2026-03-16" } ], "fix": { @@ -1484,8 +1484,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80809, - "date": "2026-03-09" + "percentile": 0.80861, + "date": "2026-03-16" } ], "cwes": [ @@ -1547,8 +1547,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80809, - "date": "2026-03-09" + "percentile": 0.80861, + "date": "2026-03-16" } ], "cwes": [ @@ -1642,8 +1642,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1702,8 +1702,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1787,8 +1787,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1847,8 +1847,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1923,8 +1923,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1983,8 +1983,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -2064,8 +2064,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -2124,8 +2124,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -2212,9 +2212,9 @@ "epss": [ { "cve": "CVE-2026-2006", - "epss": 0.00075, - "percentile": 0.22442, - "date": "2026-03-09" + "epss": 0.00087, + "percentile": 0.24841, + "date": "2026-03-16" } ], "cwes": [ @@ -2244,7 +2244,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" } ], - "risk": 0.061125000000000006 + "risk": 0.070905 }, "relatedVulnerabilities": [ { @@ -2273,9 +2273,9 @@ "epss": [ { "cve": "CVE-2026-2006", - "epss": 0.00075, - "percentile": 0.22442, - "date": "2026-03-09" + "epss": 0.00087, + "percentile": 0.24841, + "date": "2026-03-16" } ], "cwes": [ @@ -2365,9 +2365,9 @@ "epss": [ { "cve": "CVE-2026-2005", - "epss": 0.00066, - "percentile": 0.20179, - "date": "2026-03-09" + "epss": 0.00076, + "percentile": 0.22508, + "date": "2026-03-16" } ], "cwes": [ @@ -2397,7 +2397,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" } ], - "risk": 0.053790000000000004 + "risk": 0.06194000000000001 }, "relatedVulnerabilities": [ { @@ -2426,9 +2426,9 @@ "epss": [ { "cve": "CVE-2026-2005", - "epss": 0.00066, - "percentile": 0.20179, - "date": "2026-03-09" + "epss": 0.00076, + "percentile": 0.22508, + "date": "2026-03-16" } ], "cwes": [ @@ -2519,8 +2519,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00102, - "percentile": 0.27974, - "date": "2026-03-09" + "percentile": 0.27935, + "date": "2026-03-16" } ], "fix": { @@ -2563,8 +2563,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00102, - "percentile": 0.27974, - "date": "2026-03-09" + "percentile": 0.27935, + "date": "2026-03-16" } ] } @@ -2618,6 +2618,154 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12818", + "epss": 0.00096, + "percentile": 0.26549, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] + }, + "advisories": [], + "risk": 0.052320000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://www.postgresql.org/support/security/CVE-2025-12818/" + ], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12818", + "epss": 0.00096, + "percentile": 0.26549, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "postgresql-15", + "version": "15.14-0+deb12u1" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" + } + } + ], + "artifact": { + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libpq5", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "upstreams": [ + { + "name": "postgresql-15" + } + ] + } + }, { "vulnerability": { "id": "CVE-2025-12972", @@ -2647,8 +2795,8 @@ { "cve": "CVE-2025-12972", "epss": 0.00098, - "percentile": 0.26885, - "date": "2026-03-09" + "percentile": 0.26842, + "date": "2026-03-16" } ], "cwes": [ @@ -2740,8 +2888,8 @@ { "cve": "CVE-2025-69421", "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ @@ -2818,8 +2966,8 @@ { "cve": "CVE-2025-69421", "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ @@ -2934,8 +3082,8 @@ { "cve": "CVE-2025-12969", "epss": 0.00082, - "percentile": 0.23966, - "date": "2026-03-09" + "percentile": 0.23943, + "date": "2026-03-16" } ], "cwes": [ @@ -3003,113 +3151,97 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", + "id": "CVE-2025-13151", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69419", + "cve": "CVE-2025-13151", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.045445 + "advisories": [], + "risk": 0.0465 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69419", + "cve": "CVE-2025-13151", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3117,146 +3249,148 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u2" + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-69419", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0f919d6ebdb73625", - "name": "libssl3", - "version": "3.0.17-1~deb12u2", + "id": "48b70e4d102cdd4b", + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libtasn1-6", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] + "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-0725", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "id": "CVE-2025-69419", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", - "cvss": [], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75428, - "date": "2026-03-09" + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0452 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.045445 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-0725", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-0725.html", - "https://curl.se/docs/CVE-2025-0725.json", - "https://hackerone.com/reports/2956023", - "http://www.openwall.com/lists/oss-security/2025/02/05/3", - "http://www.openwall.com/lists/oss-security/2025/02/06/2", - "http://www.openwall.com/lists/oss-security/2025/02/06/4", - "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", - "https://security.netapp.com/advisory/ntap-20250306-0009/" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.3, - "exploitabilityScore": 3.9, - "impactScore": 3.4 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75428, - "date": "2026-03-09" + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -3271,129 +3405,150 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "openssl", + "version": "3.0.17-1~deb12u2" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-0725", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "curl" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "cvss": [], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74804, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", + "cve": "CVE-2019-9192", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.044250000000000005 + "risk": 0.043000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74804, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", + "cve": "CVE-2019-9192", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -3402,7 +3557,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3410,67 +3565,85 @@ "version": "12" }, "package": { - "name": "libtasn1-6", - "version": "4.19.0-2+deb12u1" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2019-9192", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "48b70e4d102cdd4b", - "name": "libtasn1-6", - "version": "4.19.0-2+deb12u1", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libtasn1-6", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.0086, - "percentile": 0.74743, - "date": "2026-03-09" + "cve": "CVE-2019-1010025", + "epss": 0.00856, + "percentile": 0.74757, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -3480,29 +3653,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.043000000000000003 + "risk": 0.0428 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -3510,7 +3686,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -3521,16 +3697,16 @@ ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.0086, - "percentile": 0.74743, - "date": "2026-03-09" + "cve": "CVE-2019-1010025", + "epss": 0.00856, + "percentile": 0.74757, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -3553,7 +3729,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-9192", + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } @@ -3607,90 +3783,88 @@ }, { "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00856, - "percentile": 0.74696, - "date": "2026-03-09" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0428 + "risk": 0.039749999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00856, - "percentile": 0.74696, - "date": "2026-03-09" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -3711,7 +3885,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -3765,95 +3939,105 @@ }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2026-22796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22241, - "date": "2026-03-09" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.15-0+deb12u1" + "3.0.18-1~deb12u2" ], "state": "fixed", "available": [ { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.040330000000000005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.039654999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22241, - "date": "2026-03-09" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3869,65 +4053,88 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" - }, + "name": "openssl", + "version": "3.0.17-1~deb12u2" + }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3935,155 +4142,92 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "" }, "advisories": [], - "risk": 0.039749999999999994 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.1.0" + } }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", + "id": "c9f8017f4b3fb0ab", + "name": "fluent-bit", + "version": "4.1.0", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.1.0", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4091,65 +4235,55 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "cve": "CVE-2025-12817", + "epss": 0.0011, + "percentile": 0.29293, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { "versions": [ - "3.0.18-1~deb12u2" + "15.15-0+deb12u1" ], "state": "fixed", "available": [ { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" } ] }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.039654999999999996 + "advisories": [], + "risk": 0.03355 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4157,17 +4291,17 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "cve": "CVE-2025-12817", + "epss": 0.0011, + "percentile": 0.29293, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ] @@ -4183,164 +4317,48 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u2" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + "vulnerabilityID": "CVE-2025-12817", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" }, "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "0f919d6ebdb73625", - "name": "libssl3", - "version": "3.0.17-1~deb12u2", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "openssl" + "name": "postgresql-15" } ] } }, - { - "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.037275 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.1.0" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "c9f8017f4b3fb0ab", - "name": "fluent-bit", - "version": "4.1.0", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.1.0", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2019-1010024", @@ -4354,8 +4372,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70355, - "date": "2026-03-09" + "percentile": 0.70426, + "date": "2026-03-16" } ], "cwes": [ @@ -4418,8 +4436,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70355, - "date": "2026-03-09" + "percentile": 0.70426, + "date": "2026-03-16" } ], "cwes": [ @@ -4502,85 +4520,123 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2026-1965", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-1965", + "namespace": "debian:distro:debian:12", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion must first be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. One underlying reason being that Negotiate sometimes authenticates *connections* and not *requests*, contrary to how HTTP is designed to work. An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with `user1:password1` and then does another operation to the same server also using Negotiate but with `user2:password2` (while the previous connection is still alive) - the second request wrongly reused the same connection and since it then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1... The set of authentication methods to use is set with `CURLOPT_HTTPAUTH`. Applications can disable libcurl's reuse of connections and thus mitigate this problem, by using one of the following libcurl options to alter how connections are or are not reused: `CURLOPT_FRESH_CONNECT`, `CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the curl_multi API).", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "wont-fix" }, "advisories": [], - "risk": 0.027825000000000003 + "risk": 0.031049999999999994 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" + ], + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "12" + }, "package": { - "name": "fluent-bit", - "version": "4.1.0" - } + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-1965", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c9f8017f4b3fb0ab", - "name": "fluent-bit", - "version": "4.1.0", - "type": "binary", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -4589,94 +4645,826 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.1.0", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.1.0" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c9f8017f4b3fb0ab", + "name": "fluent-bit", + "version": "4.1.0", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.1.0", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67658, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0275 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67658, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-2003", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2003", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-2003", + "epss": 0.00056, + "percentile": 0.17356, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-2003", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "15.16-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.16-0+deb12u1", + "date": "2026-02-12", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6132-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" + } + ], + "risk": 0.026039999999999994 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-2003", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2003", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://www.postgresql.org/support/security/CVE-2026-2003/" + ], + "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-2003", + "epss": 0.00056, + "percentile": 0.17356, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-2003", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "postgresql-15", + "version": "15.14-0+deb12u1" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-2003", + "versionConstraint": "< 15.16-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.16-0+deb12u1" + } + } + ], + "artifact": { + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libpq5", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "upstreams": [ + { + "name": "postgresql-15" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.6631, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.025750000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" + ], + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.6631, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2018-6829", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.0.17-1~deb12u3" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.17-1~deb12u3", + "date": "2025-10-01", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6015-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" + } + ], + "risk": 0.02325 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08606, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openssl", + "version": "3.0.17-1~deb12u2" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.17-1~deb12u3" + } + } + ], + "artifact": { + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libssl3", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] } }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2025-14831", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14831", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.0055, - "percentile": 0.67585, - "date": "2026-03-09" + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-385", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.7.9-2+deb12u6" + ], + "state": "fixed", + "available": [ + { + "version": "3.7.9-2+deb12u6", + "date": "2026-02-18", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0275 + "advisories": [ + { + "id": "DSA-6140-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" + } + ], + "risk": 0.023175 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.0055, - "percentile": 0.67585, - "date": "2026-03-09" + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-385", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4684,27 +5472,30 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "gnutls28", + "version": "3.7.9-2+deb12u5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 3.7.9-2+deb12u6 (deb)" + }, + "fix": { + "suggestedVersion": "3.7.9-2+deb12u6" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "5458fd103c1e4fd3", + "name": "libgnutls30", + "version": "3.7.9-2+deb12u5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libgnutls30", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30", "annotations": { "evidence": "primary" } @@ -4713,33 +5504,37 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", + "upstreams": [ + { + "name": "gnutls28" + } + ] } }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2025-0725", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", "cvss": [], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66224, - "date": "2026-03-09" + "cve": "CVE-2025-0725", + "epss": 0.00442, + "percentile": 0.62966, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", + "cve": "CVE-2025-0725", + "cwe": "CWE-120", "source": "nvd@nist.gov", "type": "Primary" } @@ -4749,59 +5544,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025750000000000002 + "risk": 0.0221 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "id": "CVE-2025-0725", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" + "https://curl.se/docs/CVE-2025-0725.html", + "https://curl.se/docs/CVE-2025-0725.json", + "https://hackerone.com/reports/2956023", + "http://www.openwall.com/lists/oss-security/2025/02/05/3", + "http://www.openwall.com/lists/oss-security/2025/02/06/2", + "http://www.openwall.com/lists/oss-security/2025/02/06/4", + "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", + "https://security.netapp.com/advisory/ntap-20250306-0009/" ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 7.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66224, - "date": "2026-03-09" + "cve": "CVE-2025-0725", + "epss": 0.00442, + "percentile": 0.62966, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", + "cve": "CVE-2025-0725", + "cwe": "CWE-120", "source": "nvd@nist.gov", "type": "Primary" } @@ -4810,7 +5597,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4818,27 +5605,27 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-6829", + "vulnerabilityID": "CVE-2025-0725", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -4847,108 +5634,100 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { "vulnerability": { - "id": "CVE-2026-2003", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2003", + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.14888, - "date": "2026-03-09" + "cve": "CVE-2025-14819", + "epss": 0.00039, + "percentile": 0.11565, + "date": "2026-03-16" } ], "cwes": [ - { - "cve": "CVE-2026-2003", - "cwe": "CWE-1287", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "15.16-0+deb12u1" - ], - "state": "fixed", - "available": [ - { - "version": "15.16-0+deb12u1", - "date": "2026-02-12", - "kind": "advisory" - } - ] - }, - "advisories": [ - { - "id": "DSA-6132-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], - "risk": 0.022785 + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.020085 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-2003", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2003", + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2026-2003/" + "https://curl.se/docs/CVE-2025-14819.html", + "https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" ], - "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.14888, - "date": "2026-03-09" + "cve": "CVE-2025-14819", + "epss": 0.00039, + "percentile": 0.11565, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-2003", - "cwe": "CWE-1287", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4964,30 +5743,27 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-2003", - "versionConstraint": "< 15.16-0+deb12u1 (deb)" - }, - "fix": { - "suggestedVersion": "15.16-0+deb12u1" + "vulnerabilityID": "CVE-2025-14819", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -4996,108 +5772,91 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "postgresql-15" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:12", - "severity": "Low", + "severity": "Negligible", "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20185, - "date": "2026-03-09" + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.59944, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "15.15-0+deb12u1" - ], - "state": "fixed", - "available": [ - { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.02013 + "risk": 0.019700000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20185, - "date": "2026-03-09" + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.59944, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5112,65 +5871,81 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" - }, - "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "postgresql-15" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "id": "CVE-2025-9232", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9232", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5178,48 +5953,66 @@ ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00039, - "percentile": 0.11553, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "3.0.17-1~deb12u3" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.17-1~deb12u3", + "date": "2025-10-01", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.020085 + "advisories": [ + { + "id": "DSA-6015-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" + } + ], + "risk": 0.019620000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14819", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14819.html", - "https://curl.se/docs/CVE-2025-14819.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/5" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5227,17 +6020,17 @@ ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00039, - "percentile": 0.11553, - "date": "2026-03-09" + "cve": "CVE-2025-9232", + "epss": 0.00036, + "percentile": 0.10228, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -5253,68 +6046,84 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "openssl", + "version": "3.0.17-1~deb12u2" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14819", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.17-1~deb12u3" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "curl" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00394, - "percentile": 0.59883, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-03-16" } ], "fix": { @@ -5322,51 +6131,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019700000000000002 + "risk": 0.01565 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2010-4756", - "epss": 0.00394, - "percentile": 0.59883, - "date": "2026-03-09" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], - "cwes": [ + "epss": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-03-16" } ] } @@ -5387,7 +6211,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2019-1010023", "versionConstraint": "none (unknown)" } } @@ -5441,103 +6265,90 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14831", + "id": "CVE-2025-14524", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "exploitabilityScore": 1.7, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-14524", + "epss": 0.0003, + "percentile": 0.08206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.7.9-2+deb12u6" - ], - "state": "fixed", - "available": [ - { - "version": "3.7.9-2+deb12u6", - "date": "2026-02-18", - "kind": "advisory" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "DSA-6140-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" - } - ], - "risk": 0.019055 + "advisories": [], + "risk": 0.015449999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2025-14524", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://curl.se/docs/CVE-2025-14524.html", + "https://curl.se/docs/CVE-2025-14524.json", + "https://hackerone.com/reports/3459417", + "http://www.openwall.com/lists/oss-security/2026/01/07/4" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "exploitabilityScore": 1.7, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2025-14524", + "epss": 0.0003, + "percentile": 0.08206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5552,30 +6363,27 @@ "version": "12" }, "package": { - "name": "gnutls28", - "version": "3.7.9-2+deb12u5" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14831", - "versionConstraint": "< 3.7.9-2+deb12u6 (deb)" - }, - "fix": { - "suggestedVersion": "3.7.9-2+deb12u6" + "vulnerabilityID": "CVE-2025-14524", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5458fd103c1e4fd3", - "name": "libgnutls30", - "version": "3.7.9-2+deb12u5", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgnutls30", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -5584,30 +6392,30 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "gnutls28" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5618,72 +6426,44 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "3.0.17-1~deb12u3" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.17-1~deb12u3", - "date": "2025-10-01", - "kind": "advisory" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "DSA-6015-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" - } - ], - "risk": 0.0165 + "advisories": [], + "risk": 0.014249999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5694,23 +6474,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00022, - "percentile": 0.05642, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -5726,46 +6500,43 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u2" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.17-1~deb12u3" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0f919d6ebdb73625", - "name": "libssl3", - "version": "3.0.17-1~deb12u2", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/usr/share/doc/libssl3/copyright", + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { "evidence": "supporting" } @@ -5773,37 +6544,43 @@ ], "language": "", "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" + "GPL-2", + "LGPL-2.1" ], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "openssl" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54089, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5811,66 +6588,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01565 + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54089, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5885,148 +6643,123 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-14524", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.015449999999999998 + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14524", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14524.html", - "https://curl.se/docs/CVE-2025-14524.json", - "https://hackerone.com/reports/3459417", - "http://www.openwall.com/lists/oss-security/2026/01/07/4" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } @@ -6043,27 +6776,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14524", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -6072,100 +6805,87 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.014249999999999999 + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6180,167 +6900,121 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9232", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.17-1~deb12u3" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.17-1~deb12u3", - "date": "2025-10-01", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6015-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" - } - ], - "risk": 0.012535000000000001 + "advisories": [], + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00023, - "percentile": 0.05906, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6355,65 +7029,41 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u2" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9232", - "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.17-1~deb12u3" + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0f919d6ebdb73625", - "name": "libssl3", - "version": "3.0.17-1~deb12u2", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "openssl" + "name": "krb5" } ] } @@ -6431,8 +7081,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43824, - "date": "2026-03-09" + "percentile": 0.43875, + "date": "2026-03-16" } ], "cwes": [ @@ -6496,8 +7146,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43824, - "date": "2026-03-09" + "percentile": 0.43875, + "date": "2026-03-16" } ], "cwes": [ @@ -6570,74 +7220,88 @@ }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4105", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0103 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -6653,27 +7317,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -6682,95 +7346,100 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "krb5" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4105", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0103 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -6778,7 +7447,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -6786,27 +7455,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u4", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } @@ -6815,37 +7484,33 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2024-2379", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.4244, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2024-2379", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -6855,45 +7520,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.01025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2024-2379", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "http://seclists.org/fulldisclosure/2024/Jul/18", + "http://seclists.org/fulldisclosure/2024/Jul/19", + "http://seclists.org/fulldisclosure/2024/Jul/20", + "http://www.openwall.com/lists/oss-security/2024/03/27/2", + "https://curl.se/docs/CVE-2024-2379.html", + "https://curl.se/docs/CVE-2024-2379.json", + "https://hackerone.com/reports/2410774", + "https://security.netapp.com/advisory/ntap-20240531-0001/", + "https://support.apple.com/kb/HT214118", + "https://support.apple.com/kb/HT214119", + "https://support.apple.com/kb/HT214120" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.4244, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2024-2379", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -6910,27 +7584,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2024-2379", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -6939,92 +7613,118 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-22795", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0103 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.008925 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7039,125 +7739,155 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "openssl", + "version": "3.0.17-1~deb12u2" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "krb5" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2024-2379", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", + "id": "CVE-2026-3784", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3784", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", - "cvss": [], + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42397, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.01025 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2379", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2024/Jul/18", - "http://seclists.org/fulldisclosure/2024/Jul/19", - "http://seclists.org/fulldisclosure/2024/Jul/20", - "http://www.openwall.com/lists/oss-security/2024/03/27/2", - "https://curl.se/docs/CVE-2024-2379.html", - "https://curl.se/docs/CVE-2024-2379.json", - "https://hackerone.com/reports/2410774", - "https://security.netapp.com/advisory/ntap-20240531-0001/", - "https://support.apple.com/kb/HT214118", - "https://support.apple.com/kb/HT214119", - "https://support.apple.com/kb/HT214120" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42397, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -7178,7 +7908,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2379", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } @@ -7213,105 +7943,89 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", + "id": "CVE-2026-3783", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3783", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.008925 + "advisories": [], + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -7327,65 +8041,41 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u2" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0f919d6ebdb73625", - "name": "libssl3", - "version": "3.0.17-1~deb12u2", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "openssl" + "name": "curl" } ] } @@ -7403,8 +8093,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -7470,8 +8160,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -7552,8 +8242,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -7619,8 +8309,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -7710,8 +8400,8 @@ { "cve": "CVE-2025-68160", "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ @@ -7776,8 +8466,8 @@ { "cve": "CVE-2025-68160", "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ @@ -7876,8 +8566,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3258, - "date": "2026-03-09" + "percentile": 0.32482, + "date": "2026-03-16" } ], "cwes": [ @@ -7938,8 +8628,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3258, - "date": "2026-03-09" + "percentile": 0.32482, + "date": "2026-03-16" } ], "cwes": [ @@ -8044,66 +8734,238 @@ ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00659, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.006360000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00659, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "3.7.9-2+deb12u6" + ], + "state": "fixed", + "available": [ + { + "version": "3.7.9-2+deb12u6", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.006360000000000001 + "risk": 0.0063 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.9 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8119,60 +8981,44 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "gnutls28", + "version": "3.7.9-2+deb12u5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 3.7.9-2+deb12u6 (deb)" + }, + "fix": { + "suggestedVersion": "3.7.9-2+deb12u6" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "5458fd103c1e4fd3", + "name": "libgnutls30", + "version": "3.7.9-2+deb12u5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgnutls30", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", "upstreams": [ { - "name": "glibc" + "name": "gnutls28" } ] } @@ -8190,8 +9036,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -8240,8 +9086,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -8316,8 +9162,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -8366,8 +9212,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -8438,8 +9284,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -8488,8 +9334,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -8564,8 +9410,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -8614,8 +9460,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -8673,160 +9519,6 @@ "upstreams": [] } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "3.7.9-2+deb12u6" - ], - "state": "fixed", - "available": [ - { - "version": "3.7.9-2+deb12u6", - "date": "2026-02-27", - "kind": "first-observed" - } - ] - }, - "advisories": [], - "risk": 0.00495 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "gnutls28", - "version": "3.7.9-2+deb12u5" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "< 3.7.9-2+deb12u6 (deb)" - }, - "fix": { - "suggestedVersion": "3.7.9-2+deb12u6" - } - } - ], - "artifact": { - "id": "5458fd103c1e4fd3", - "name": "libgnutls30", - "version": "3.7.9-2+deb12u5", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgnutls30", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", - "upstreams": [ - { - "name": "gnutls28" - } - ] - } - }, { "vulnerability": { "id": "CVE-2017-14159", @@ -8840,8 +9532,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00092, - "percentile": 0.25756, - "date": "2026-03-09" + "percentile": 0.25729, + "date": "2026-03-16" } ], "cwes": [ @@ -8900,8 +9592,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00092, - "percentile": 0.25756, - "date": "2026-03-09" + "percentile": 0.25729, + "date": "2026-03-16" } ], "cwes": [ @@ -8985,8 +9677,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -9033,8 +9725,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -9118,8 +9810,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -9166,8 +9858,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -9242,8 +9934,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -9290,8 +9982,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -9371,8 +10063,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -9419,8 +10111,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -9495,8 +10187,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00072, - "percentile": 0.21754, - "date": "2026-03-09" + "percentile": 0.21722, + "date": "2026-03-16" } ], "cwes": [ @@ -9545,8 +10237,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00072, - "percentile": 0.21754, - "date": "2026-03-09" + "percentile": 0.21722, + "date": "2026-03-16" } ], "cwes": [ @@ -9620,9 +10312,9 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00069, - "percentile": 0.20993, - "date": "2026-03-09" + "epss": 0.00071, + "percentile": 0.21481, + "date": "2026-03-16" } ], "cwes": [ @@ -9638,7 +10330,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00345 + "risk": 0.00355 }, "relatedVulnerabilities": [ { @@ -9668,9 +10360,9 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00069, - "percentile": 0.20993, - "date": "2026-03-09" + "epss": 0.00071, + "percentile": 0.21481, + "date": "2026-03-16" } ], "cwes": [ @@ -9779,8 +10471,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -9842,8 +10534,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -9918,8 +10610,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9979,8 +10671,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -10087,8 +10779,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -10148,8 +10840,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -10224,8 +10916,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -10285,8 +10977,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -10389,8 +11081,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -10450,8 +11142,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -10549,8 +11241,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -10610,8 +11302,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -10722,8 +11414,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -10788,8 +11480,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -10888,8 +11580,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -10955,8 +11647,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -11037,8 +11729,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -11104,8 +11796,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -11182,8 +11874,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "percentile": 0.08352, + "date": "2026-03-16" } ], "cwes": [ @@ -11232,8 +11924,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "percentile": 0.08352, + "date": "2026-03-16" } ], "cwes": [ @@ -11307,9 +11999,9 @@ "epss": [ { "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ @@ -11331,7 +12023,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.001 + "risk": 0.0010500000000000002 }, "relatedVulnerabilities": [ { @@ -11362,9 +12054,9 @@ "epss": [ { "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ @@ -11454,8 +12146,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00018, - "percentile": 0.04357, - "date": "2026-03-09" + "percentile": 0.0432, + "date": "2026-03-16" } ], "fix": { @@ -11497,8 +12189,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00018, - "percentile": 0.04357, - "date": "2026-03-09" + "percentile": 0.0432, + "date": "2026-03-16" } ] } @@ -11565,8 +12257,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -11614,8 +12306,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -12005,107 +12697,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/oss/grype-4.1.0.md b/docs/security/oss/grype-4.1.0.md index dfade44..50122c9 100644 --- a/docs/security/oss/grype-4.1.0.md +++ b/docs/security/oss/grype-4.1.0.md @@ -14,26 +14,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2006) | High | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2005) | High | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | High | -| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | | libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | +| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | fluent-bit | 4.1.0 | [CVE-2025-12978](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12978) | Medium | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | +| libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | fluent-bit | 4.1.0 | [CVE-2025-12972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12972) | Medium | | fluent-bit | 4.1.0 | [CVE-2025-12969](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12969) | Medium | -| libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Medium | | fluent-bit | 4.1.0 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | fluent-bit | 4.1.0 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2003) | Medium | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | +| libsystemd0 | 254.26-1~bpo12+1 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd | 254.26-1~bpo12+1 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Medium | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Medium | | zlib1g | 1:1.2.13.dfsg-1 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Medium | @@ -47,19 +52,19 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | +| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.1.1.json b/docs/security/oss/grype-4.1.1.json index c9410cb..61203f1 100644 --- a/docs/security/oss/grype-4.1.1.json +++ b/docs/security/oss/grype-4.1.1.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -215,8 +215,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -283,8 +283,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -383,8 +383,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87877, - "date": "2026-03-09" + "percentile": 0.87925, + "date": "2026-03-16" } ], "cwes": [ @@ -518,8 +518,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87877, - "date": "2026-03-09" + "percentile": 0.87925, + "date": "2026-03-16" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -673,8 +673,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -773,8 +773,8 @@ { "cve": "CVE-2017-17740", "epss": 0.02871, - "percentile": 0.86062, - "date": "2026-03-09" + "percentile": 0.86102, + "date": "2026-03-16" } ], "cwes": [ @@ -836,8 +836,8 @@ { "cve": "CVE-2017-17740", "epss": 0.02871, - "percentile": 0.86062, - "date": "2026-03-09" + "percentile": 0.86102, + "date": "2026-03-16" } ], "cwes": [ @@ -933,9 +933,9 @@ "epss": [ { "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30109, - "date": "2026-03-09" + "epss": 0.00132, + "percentile": 0.32612, + "date": "2026-03-16" } ], "cwes": [ @@ -965,7 +965,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" } ], - "risk": 0.093725 + "risk": 0.10758000000000001 }, "relatedVulnerabilities": [ { @@ -994,9 +994,9 @@ "epss": [ { "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30109, - "date": "2026-03-09" + "epss": 0.00132, + "percentile": 0.32612, + "date": "2026-03-16" } ], "cwes": [ @@ -1073,9 +1073,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82337, - "date": "2026-03-09" + "epss": 0.01912, + "percentile": 0.83113, + "date": "2026-03-16" } ], "fix": { @@ -1083,7 +1083,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08785 + "risk": 0.09560000000000002 }, "relatedVulnerabilities": [ { @@ -1127,9 +1127,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82337, - "date": "2026-03-09" + "epss": 0.01912, + "percentile": 0.83113, + "date": "2026-03-16" } ] } @@ -1205,8 +1205,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80809, - "date": "2026-03-09" + "percentile": 0.80861, + "date": "2026-03-16" } ], "cwes": [ @@ -1268,8 +1268,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80809, - "date": "2026-03-09" + "percentile": 0.80861, + "date": "2026-03-16" } ], "cwes": [ @@ -1363,8 +1363,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1423,8 +1423,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1508,8 +1508,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1568,8 +1568,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1644,8 +1644,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1704,8 +1704,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1785,8 +1785,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1845,8 +1845,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1933,9 +1933,9 @@ "epss": [ { "cve": "CVE-2026-2006", - "epss": 0.00075, - "percentile": 0.22442, - "date": "2026-03-09" + "epss": 0.00087, + "percentile": 0.24841, + "date": "2026-03-16" } ], "cwes": [ @@ -1965,7 +1965,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" } ], - "risk": 0.061125000000000006 + "risk": 0.070905 }, "relatedVulnerabilities": [ { @@ -1994,9 +1994,9 @@ "epss": [ { "cve": "CVE-2026-2006", - "epss": 0.00075, - "percentile": 0.22442, - "date": "2026-03-09" + "epss": 0.00087, + "percentile": 0.24841, + "date": "2026-03-16" } ], "cwes": [ @@ -2086,9 +2086,9 @@ "epss": [ { "cve": "CVE-2026-2005", - "epss": 0.00066, - "percentile": 0.20179, - "date": "2026-03-09" + "epss": 0.00076, + "percentile": 0.22508, + "date": "2026-03-16" } ], "cwes": [ @@ -2118,7 +2118,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" } ], - "risk": 0.053790000000000004 + "risk": 0.06194000000000001 }, "relatedVulnerabilities": [ { @@ -2147,9 +2147,9 @@ "epss": [ { "cve": "CVE-2026-2005", - "epss": 0.00066, - "percentile": 0.20179, - "date": "2026-03-09" + "epss": 0.00076, + "percentile": 0.22508, + "date": "2026-03-16" } ], "cwes": [ @@ -2240,8 +2240,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00102, - "percentile": 0.27974, - "date": "2026-03-09" + "percentile": 0.27935, + "date": "2026-03-16" } ], "fix": { @@ -2284,8 +2284,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00102, - "percentile": 0.27974, - "date": "2026-03-09" + "percentile": 0.27935, + "date": "2026-03-16" } ] } @@ -2339,6 +2339,154 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12818", + "epss": 0.00096, + "percentile": 0.26549, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] + }, + "advisories": [], + "risk": 0.052320000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://www.postgresql.org/support/security/CVE-2025-12818/" + ], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12818", + "epss": 0.00096, + "percentile": 0.26549, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "postgresql-15", + "version": "15.14-0+deb12u1" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" + } + } + ], + "artifact": { + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libpq5", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "upstreams": [ + { + "name": "postgresql-15" + } + ] + } + }, { "vulnerability": { "id": "CVE-2025-69421", @@ -2365,8 +2513,8 @@ { "cve": "CVE-2025-69421", "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ @@ -2443,8 +2591,8 @@ { "cve": "CVE-2025-69421", "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ @@ -2532,113 +2680,97 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", + "id": "CVE-2025-13151", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69419", + "cve": "CVE-2025-13151", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.045445 + "advisories": [], + "risk": 0.0465 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69419", + "cve": "CVE-2025-13151", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2646,146 +2778,148 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-69419", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "48b70e4d102cdd4b", + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libtasn1-6", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] + "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-0725", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "id": "CVE-2025-69419", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", - "cvss": [], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75428, - "date": "2026-03-09" + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0452 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.045445 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-0725", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-0725.html", - "https://curl.se/docs/CVE-2025-0725.json", - "https://hackerone.com/reports/2956023", - "http://www.openwall.com/lists/oss-security/2025/02/05/3", - "http://www.openwall.com/lists/oss-security/2025/02/06/2", - "http://www.openwall.com/lists/oss-security/2025/02/06/4", - "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", - "https://security.netapp.com/advisory/ntap-20250306-0009/" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.3, - "exploitabilityScore": 3.9, - "impactScore": 3.4 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75428, - "date": "2026-03-09" + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2800,129 +2934,150 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-0725", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "curl" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "cvss": [], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74804, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", + "cve": "CVE-2019-9192", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.044250000000000005 + "risk": 0.043000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74804, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", + "cve": "CVE-2019-9192", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -2931,7 +3086,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2939,67 +3094,85 @@ "version": "12" }, "package": { - "name": "libtasn1-6", - "version": "4.19.0-2+deb12u1" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2019-9192", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "48b70e4d102cdd4b", - "name": "libtasn1-6", - "version": "4.19.0-2+deb12u1", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libtasn1-6", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.0086, - "percentile": 0.74743, - "date": "2026-03-09" + "cve": "CVE-2019-1010025", + "epss": 0.00856, + "percentile": 0.74757, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -3009,29 +3182,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.043000000000000003 + "risk": 0.0428 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -3039,7 +3215,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -3050,16 +3226,16 @@ ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.0086, - "percentile": 0.74743, - "date": "2026-03-09" + "cve": "CVE-2019-1010025", + "epss": 0.00856, + "percentile": 0.74757, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -3082,7 +3258,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-9192", + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } @@ -3136,90 +3312,88 @@ }, { "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00856, - "percentile": 0.74696, - "date": "2026-03-09" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0428 + "risk": 0.039749999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00856, - "percentile": 0.74696, - "date": "2026-03-09" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -3240,7 +3414,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -3294,95 +3468,105 @@ }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2026-22796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22241, - "date": "2026-03-09" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.15-0+deb12u1" + "3.0.18-1~deb12u2" ], "state": "fixed", "available": [ { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.040330000000000005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.039654999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22241, - "date": "2026-03-09" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3398,65 +3582,88 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" - }, + "name": "openssl", + "version": "3.0.17-1~deb12u3" + }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3464,155 +3671,92 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "" }, "advisories": [], - "risk": 0.039749999999999994 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.1:*:*:*:*:*:*:*" + ], "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.1.1" + } }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", + "id": "dd108375663c1956", + "name": "fluent-bit", + "version": "4.1.1", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c84836e8d858a60e9246f25af0c1bd76a001444e90aef8a6b41cbfbaf4e2f770", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.1.1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.1.1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3620,65 +3764,55 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "cve": "CVE-2025-12817", + "epss": 0.0011, + "percentile": 0.29293, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { "versions": [ - "3.0.18-1~deb12u2" + "15.15-0+deb12u1" ], "state": "fixed", "available": [ { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" } ] }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.039654999999999996 + "advisories": [], + "risk": 0.03355 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3686,17 +3820,17 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "cve": "CVE-2025-12817", + "epss": 0.0011, + "percentile": 0.29293, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ] @@ -3712,164 +3846,48 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + "vulnerabilityID": "CVE-2025-12817", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" }, "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "openssl" + "name": "postgresql-15" } ] } }, - { - "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.037275 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.1.1" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "dd108375663c1956", - "name": "fluent-bit", - "version": "4.1.1", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c84836e8d858a60e9246f25af0c1bd76a001444e90aef8a6b41cbfbaf4e2f770", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.1.1", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2019-1010024", @@ -3883,8 +3901,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70355, - "date": "2026-03-09" + "percentile": 0.70426, + "date": "2026-03-16" } ], "cwes": [ @@ -3947,8 +3965,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70355, - "date": "2026-03-09" + "percentile": 0.70426, + "date": "2026-03-16" } ], "cwes": [ @@ -4031,85 +4049,123 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2026-1965", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-1965", + "namespace": "debian:distro:debian:12", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion must first be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. One underlying reason being that Negotiate sometimes authenticates *connections* and not *requests*, contrary to how HTTP is designed to work. An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with `user1:password1` and then does another operation to the same server also using Negotiate but with `user2:password2` (while the previous connection is still alive) - the second request wrongly reused the same connection and since it then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1... The set of authentication methods to use is set with `CURLOPT_HTTPAUTH`. Applications can disable libcurl's reuse of connections and thus mitigate this problem, by using one of the following libcurl options to alter how connections are or are not reused: `CURLOPT_FRESH_CONNECT`, `CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the curl_multi API).", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "wont-fix" }, "advisories": [], - "risk": 0.027825000000000003 + "risk": 0.031049999999999994 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" + ], + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "12" + }, "package": { - "name": "fluent-bit", - "version": "4.1.1" - } + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-1965", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dd108375663c1956", - "name": "fluent-bit", - "version": "4.1.1", - "type": "binary", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c84836e8d858a60e9246f25af0c1bd76a001444e90aef8a6b41cbfbaf4e2f770", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -4118,122 +4174,97 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.1.1", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.0055, - "percentile": 0.67585, - "date": "2026-03-09" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-385", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.0275 + "risk": 0.027825000000000003 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.0055, - "percentile": 0.67585, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-385", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.1:*:*:*:*:*:*:*" + ], "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.1.1" + } }, "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", + "id": "dd108375663c1956", + "name": "fluent-bit", + "version": "4.1.1", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c84836e8d858a60e9246f25af0c1bd76a001444e90aef8a6b41cbfbaf4e2f770", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } @@ -4242,34 +4273,34 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.1.1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "purl": "pkg:github/fluent/fluent-bit@4.1.1", "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "cvss": [], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66224, - "date": "2026-03-09" + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67658, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -4278,60 +4309,50 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025750000000000002 + "risk": 0.0275 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66224, - "date": "2026-03-09" + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67658, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -4353,7 +4374,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-6829", + "vulnerabilityID": "CVE-2024-2236", "versionConstraint": "none (unknown)" } } @@ -4407,9 +4428,9 @@ "epss": [ { "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.14888, - "date": "2026-03-09" + "epss": 0.00056, + "percentile": 0.17356, + "date": "2026-03-16" } ], "cwes": [ @@ -4439,7 +4460,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" } ], - "risk": 0.022785 + "risk": 0.026039999999999994 }, "relatedVulnerabilities": [ { @@ -4468,9 +4489,9 @@ "epss": [ { "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.14888, - "date": "2026-03-09" + "epss": 0.00056, + "percentile": 0.17356, + "date": "2026-03-16" } ], "cwes": [ @@ -4537,77 +4558,221 @@ }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", - "severity": "Low", + "severity": "Negligible", "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20185, - "date": "2026-03-09" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.6631, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "15.15-0+deb12u1" - ], - "state": "fixed", - "available": [ - { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.02013 + "risk": 0.025750000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.6631, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2018-6829", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14831", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.7.9-2+deb12u6" + ], + "state": "fixed", + "available": [ + { + "version": "3.7.9-2+deb12u6", + "date": "2026-02-18", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6140-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" + } + ], + "risk": 0.023175 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" + ], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4615,17 +4780,17 @@ ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20185, - "date": "2026-03-09" + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4641,56 +4806,625 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "gnutls28", + "version": "3.7.9-2+deb12u5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 3.7.9-2+deb12u6 (deb)" + }, + "fix": { + "suggestedVersion": "3.7.9-2+deb12u6" + } + } + ], + "artifact": { + "id": "5458fd103c1e4fd3", + "name": "libgnutls30", + "version": "3.7.9-2+deb12u5", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgnutls30", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", + "upstreams": [ + { + "name": "gnutls28" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-0725", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2025-0725", + "epss": 0.00442, + "percentile": 0.62966, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-0725", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0221 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-0725", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-0725.html", + "https://curl.se/docs/CVE-2025-0725.json", + "https://hackerone.com/reports/2956023", + "http://www.openwall.com/lists/oss-security/2025/02/05/3", + "http://www.openwall.com/lists/oss-security/2025/02/06/2", + "http://www.openwall.com/lists/oss-security/2025/02/06/4", + "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", + "https://security.netapp.com/advisory/ntap-20250306-0009/" + ], + "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 7.3, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-0725", + "epss": 0.00442, + "percentile": 0.62966, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-0725", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-0725", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14819", + "epss": 0.00039, + "percentile": 0.11565, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.020085 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14819.html", + "https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" + ], + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14819", + "epss": 0.00039, + "percentile": 0.11565, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-14819", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.59944, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019700000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" + ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.59944, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01565 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" + ], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010023", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } }, - "fix": { - "suggestedVersion": "15.15-0+deb12u1" - } - } - ], - "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", - "type": "deb", - "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { - "evidence": "primary" + "evidence": "supporting" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "postgresql-15" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "id": "CVE-2025-14524", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -4707,18 +5441,18 @@ ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00039, - "percentile": 0.11553, - "date": "2026-03-09" + "cve": "CVE-2025-14524", + "epss": 0.0003, + "percentile": 0.08206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4726,20 +5460,21 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.020085 + "risk": 0.015449999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14819", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "id": "CVE-2025-14524", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14819.html", - "https://curl.se/docs/CVE-2025-14819.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/5" + "https://curl.se/docs/CVE-2025-14524.html", + "https://curl.se/docs/CVE-2025-14524.json", + "https://hackerone.com/reports/3459417", + "http://www.openwall.com/lists/oss-security/2026/01/07/4" ], - "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -4756,18 +5491,18 @@ ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00039, - "percentile": 0.11553, - "date": "2026-03-09" + "cve": "CVE-2025-14524", + "epss": 0.0003, + "percentile": 0.08206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4788,7 +5523,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14819", + "vulnerabilityID": "CVE-2025-14524", "versionConstraint": "none (unknown)" } } @@ -4823,79 +5558,88 @@ }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2026-0915", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00394, - "percentile": 0.59883, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.019700000000000002 + "risk": 0.014249999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00394, - "percentile": 0.59883, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4916,7 +5660,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } @@ -4970,81 +5714,53 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14831", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.7.9-2+deb12u6" - ], - "state": "fixed", - "available": [ - { - "version": "3.7.9-2+deb12u6", - "date": "2026-02-18", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6140-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" - } - ], - "risk": 0.019055 + "advisories": [], + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -5055,18 +5771,18 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5081,30 +5797,27 @@ "version": "12" }, "package": { - "name": "gnutls28", - "version": "3.7.9-2+deb12u5" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14831", - "versionConstraint": "< 3.7.9-2+deb12u6 (deb)" - }, - "fix": { - "suggestedVersion": "3.7.9-2+deb12u6" + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5458fd103c1e4fd3", - "name": "libgnutls30", - "version": "3.7.9-2+deb12u5", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgnutls30", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -5113,31 +5826,48 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gnutls28" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54089, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5145,66 +5875,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01565 + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54089, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5219,148 +5930,114 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libk5crypto3", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-14524", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.015449999999999998 + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14524", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14524.html", - "https://curl.se/docs/CVE-2025-14524.json", - "https://hackerone.com/reports/3459417", - "http://www.openwall.com/lists/oss-security/2026/01/07/4" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } @@ -5377,27 +6054,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14524", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -5406,100 +6083,92 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.014249999999999999 + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5514,60 +6183,41 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libkrb5support0", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } @@ -5585,8 +6235,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43824, - "date": "2026-03-09" + "percentile": 0.43875, + "date": "2026-03-16" } ], "cwes": [ @@ -5650,8 +6300,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43824, - "date": "2026-03-09" + "percentile": 0.43875, + "date": "2026-03-16" } ], "cwes": [ @@ -5724,74 +6374,88 @@ }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4105", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0103 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -5807,27 +6471,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -5836,95 +6500,100 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "krb5" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4105", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0103 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -5932,7 +6601,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -5940,27 +6609,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u4", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } @@ -5969,37 +6638,33 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2024-2379", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.4244, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2024-2379", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -6009,45 +6674,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.01025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2024-2379", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "http://seclists.org/fulldisclosure/2024/Jul/18", + "http://seclists.org/fulldisclosure/2024/Jul/19", + "http://seclists.org/fulldisclosure/2024/Jul/20", + "http://www.openwall.com/lists/oss-security/2024/03/27/2", + "https://curl.se/docs/CVE-2024-2379.html", + "https://curl.se/docs/CVE-2024-2379.json", + "https://hackerone.com/reports/2410774", + "https://security.netapp.com/advisory/ntap-20240531-0001/", + "https://support.apple.com/kb/HT214118", + "https://support.apple.com/kb/HT214119", + "https://support.apple.com/kb/HT214120" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.4244, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2024-2379", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -6064,27 +6738,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2024-2379", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -6093,92 +6767,118 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-22795", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0103 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.008925 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6193,125 +6893,155 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "krb5" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2024-2379", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", + "id": "CVE-2026-3784", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3784", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", - "cvss": [], + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42397, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.01025 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2379", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2024/Jul/18", - "http://seclists.org/fulldisclosure/2024/Jul/19", - "http://seclists.org/fulldisclosure/2024/Jul/20", - "http://www.openwall.com/lists/oss-security/2024/03/27/2", - "https://curl.se/docs/CVE-2024-2379.html", - "https://curl.se/docs/CVE-2024-2379.json", - "https://hackerone.com/reports/2410774", - "https://security.netapp.com/advisory/ntap-20240531-0001/", - "https://support.apple.com/kb/HT214118", - "https://support.apple.com/kb/HT214119", - "https://support.apple.com/kb/HT214120" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42397, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6332,7 +7062,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2379", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } @@ -6367,105 +7097,89 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", + "id": "CVE-2026-3783", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3783", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.008925 + "advisories": [], + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -6481,65 +7195,41 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "openssl" + "name": "curl" } ] } @@ -6557,8 +7247,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6624,8 +7314,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6706,8 +7396,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6773,8 +7463,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6864,8 +7554,8 @@ { "cve": "CVE-2025-68160", "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ @@ -6930,8 +7620,8 @@ { "cve": "CVE-2025-68160", "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ @@ -7030,8 +7720,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3258, - "date": "2026-03-09" + "percentile": 0.32482, + "date": "2026-03-16" } ], "cwes": [ @@ -7092,8 +7782,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3258, - "date": "2026-03-09" + "percentile": 0.32482, + "date": "2026-03-16" } ], "cwes": [ @@ -7198,66 +7888,238 @@ ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00659, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.006360000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00659, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "3.7.9-2+deb12u6" + ], + "state": "fixed", + "available": [ + { + "version": "3.7.9-2+deb12u6", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.006360000000000001 + "risk": 0.0063 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.9 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7273,60 +8135,44 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "gnutls28", + "version": "3.7.9-2+deb12u5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 3.7.9-2+deb12u6 (deb)" + }, + "fix": { + "suggestedVersion": "3.7.9-2+deb12u6" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "5458fd103c1e4fd3", + "name": "libgnutls30", + "version": "3.7.9-2+deb12u5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgnutls30", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", "upstreams": [ { - "name": "glibc" + "name": "gnutls28" } ] } @@ -7344,8 +8190,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7394,8 +8240,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7470,8 +8316,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7520,8 +8366,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7592,8 +8438,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -7642,8 +8488,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -7718,8 +8564,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -7768,8 +8614,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -7827,160 +8673,6 @@ "upstreams": [] } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "3.7.9-2+deb12u6" - ], - "state": "fixed", - "available": [ - { - "version": "3.7.9-2+deb12u6", - "date": "2026-02-27", - "kind": "first-observed" - } - ] - }, - "advisories": [], - "risk": 0.00495 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "gnutls28", - "version": "3.7.9-2+deb12u5" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "< 3.7.9-2+deb12u6 (deb)" - }, - "fix": { - "suggestedVersion": "3.7.9-2+deb12u6" - } - } - ], - "artifact": { - "id": "5458fd103c1e4fd3", - "name": "libgnutls30", - "version": "3.7.9-2+deb12u5", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgnutls30", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", - "upstreams": [ - { - "name": "gnutls28" - } - ] - } - }, { "vulnerability": { "id": "CVE-2017-14159", @@ -7994,8 +8686,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00092, - "percentile": 0.25756, - "date": "2026-03-09" + "percentile": 0.25729, + "date": "2026-03-16" } ], "cwes": [ @@ -8054,8 +8746,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00092, - "percentile": 0.25756, - "date": "2026-03-09" + "percentile": 0.25729, + "date": "2026-03-16" } ], "cwes": [ @@ -8139,8 +8831,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8187,8 +8879,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8272,8 +8964,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8320,8 +9012,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8396,8 +9088,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8444,8 +9136,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8525,8 +9217,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8573,8 +9265,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8649,8 +9341,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00072, - "percentile": 0.21754, - "date": "2026-03-09" + "percentile": 0.21722, + "date": "2026-03-16" } ], "cwes": [ @@ -8699,8 +9391,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00072, - "percentile": 0.21754, - "date": "2026-03-09" + "percentile": 0.21722, + "date": "2026-03-16" } ], "cwes": [ @@ -8774,9 +9466,9 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00069, - "percentile": 0.20993, - "date": "2026-03-09" + "epss": 0.00071, + "percentile": 0.21481, + "date": "2026-03-16" } ], "cwes": [ @@ -8792,7 +9484,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00345 + "risk": 0.00355 }, "relatedVulnerabilities": [ { @@ -8822,9 +9514,9 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00069, - "percentile": 0.20993, - "date": "2026-03-09" + "epss": 0.00071, + "percentile": 0.21481, + "date": "2026-03-16" } ], "cwes": [ @@ -8933,8 +9625,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -8996,8 +9688,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -9072,8 +9764,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9133,8 +9825,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9241,8 +9933,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9302,8 +9994,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9378,8 +10070,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9439,8 +10131,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9543,8 +10235,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9604,8 +10296,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9703,8 +10395,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9764,8 +10456,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9876,8 +10568,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -9942,8 +10634,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -10042,8 +10734,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -10109,8 +10801,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -10191,8 +10883,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -10258,8 +10950,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -10336,8 +11028,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "percentile": 0.08352, + "date": "2026-03-16" } ], "cwes": [ @@ -10386,8 +11078,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "percentile": 0.08352, + "date": "2026-03-16" } ], "cwes": [ @@ -10461,9 +11153,9 @@ "epss": [ { "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ @@ -10485,7 +11177,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.001 + "risk": 0.0010500000000000002 }, "relatedVulnerabilities": [ { @@ -10516,9 +11208,9 @@ "epss": [ { "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ @@ -10608,8 +11300,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00018, - "percentile": 0.04357, - "date": "2026-03-09" + "percentile": 0.0432, + "date": "2026-03-16" } ], "fix": { @@ -10651,8 +11343,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00018, - "percentile": 0.04357, - "date": "2026-03-09" + "percentile": 0.0432, + "date": "2026-03-16" } ] } @@ -10719,8 +11411,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -10768,8 +11460,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -11159,107 +11851,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/oss/grype-4.1.1.md b/docs/security/oss/grype-4.1.1.md index 68de1f7..4905df6 100644 --- a/docs/security/oss/grype-4.1.1.md +++ b/docs/security/oss/grype-4.1.1.md @@ -12,8 +12,8 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2006) | High | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2005) | High | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | High | -| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | | libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | @@ -21,12 +21,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Medium | | fluent-bit | 4.1.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | fluent-bit | 4.1.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2003) | Medium | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | +| libsystemd0 | 254.26-1~bpo12+1 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd | 254.26-1~bpo12+1 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Medium | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Medium | | zlib1g | 1:1.2.13.dfsg-1 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Medium | @@ -40,19 +45,19 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | +| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.1.2.json b/docs/security/oss/grype-4.1.2.json index 901e85f..6db5fc6 100644 --- a/docs/security/oss/grype-4.1.2.json +++ b/docs/security/oss/grype-4.1.2.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -215,8 +215,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -283,8 +283,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -383,8 +383,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87877, - "date": "2026-03-09" + "percentile": 0.87925, + "date": "2026-03-16" } ], "cwes": [ @@ -518,8 +518,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87877, - "date": "2026-03-09" + "percentile": 0.87925, + "date": "2026-03-16" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -673,8 +673,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -773,8 +773,8 @@ { "cve": "CVE-2017-17740", "epss": 0.02871, - "percentile": 0.86062, - "date": "2026-03-09" + "percentile": 0.86102, + "date": "2026-03-16" } ], "cwes": [ @@ -836,8 +836,8 @@ { "cve": "CVE-2017-17740", "epss": 0.02871, - "percentile": 0.86062, - "date": "2026-03-09" + "percentile": 0.86102, + "date": "2026-03-16" } ], "cwes": [ @@ -933,9 +933,9 @@ "epss": [ { "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30109, - "date": "2026-03-09" + "epss": 0.00132, + "percentile": 0.32612, + "date": "2026-03-16" } ], "cwes": [ @@ -965,7 +965,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" } ], - "risk": 0.093725 + "risk": 0.10758000000000001 }, "relatedVulnerabilities": [ { @@ -994,9 +994,9 @@ "epss": [ { "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30109, - "date": "2026-03-09" + "epss": 0.00132, + "percentile": 0.32612, + "date": "2026-03-16" } ], "cwes": [ @@ -1073,9 +1073,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82337, - "date": "2026-03-09" + "epss": 0.01912, + "percentile": 0.83113, + "date": "2026-03-16" } ], "fix": { @@ -1083,7 +1083,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08785 + "risk": 0.09560000000000002 }, "relatedVulnerabilities": [ { @@ -1127,9 +1127,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82337, - "date": "2026-03-09" + "epss": 0.01912, + "percentile": 0.83113, + "date": "2026-03-16" } ] } @@ -1205,8 +1205,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80809, - "date": "2026-03-09" + "percentile": 0.80861, + "date": "2026-03-16" } ], "cwes": [ @@ -1268,8 +1268,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80809, - "date": "2026-03-09" + "percentile": 0.80861, + "date": "2026-03-16" } ], "cwes": [ @@ -1363,8 +1363,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1423,8 +1423,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1508,8 +1508,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1568,8 +1568,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1644,8 +1644,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1704,8 +1704,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1785,8 +1785,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1845,8 +1845,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1933,9 +1933,9 @@ "epss": [ { "cve": "CVE-2026-2006", - "epss": 0.00075, - "percentile": 0.22442, - "date": "2026-03-09" + "epss": 0.00087, + "percentile": 0.24841, + "date": "2026-03-16" } ], "cwes": [ @@ -1965,7 +1965,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" } ], - "risk": 0.061125000000000006 + "risk": 0.070905 }, "relatedVulnerabilities": [ { @@ -1994,9 +1994,9 @@ "epss": [ { "cve": "CVE-2026-2006", - "epss": 0.00075, - "percentile": 0.22442, - "date": "2026-03-09" + "epss": 0.00087, + "percentile": 0.24841, + "date": "2026-03-16" } ], "cwes": [ @@ -2086,9 +2086,9 @@ "epss": [ { "cve": "CVE-2026-2005", - "epss": 0.00066, - "percentile": 0.20179, - "date": "2026-03-09" + "epss": 0.00076, + "percentile": 0.22508, + "date": "2026-03-16" } ], "cwes": [ @@ -2118,7 +2118,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" } ], - "risk": 0.053790000000000004 + "risk": 0.06194000000000001 }, "relatedVulnerabilities": [ { @@ -2147,9 +2147,9 @@ "epss": [ { "cve": "CVE-2026-2005", - "epss": 0.00066, - "percentile": 0.20179, - "date": "2026-03-09" + "epss": 0.00076, + "percentile": 0.22508, + "date": "2026-03-16" } ], "cwes": [ @@ -2240,8 +2240,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00102, - "percentile": 0.27974, - "date": "2026-03-09" + "percentile": 0.27935, + "date": "2026-03-16" } ], "fix": { @@ -2284,8 +2284,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00102, - "percentile": 0.27974, - "date": "2026-03-09" + "percentile": 0.27935, + "date": "2026-03-16" } ] } @@ -2339,6 +2339,154 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12818", + "epss": 0.00096, + "percentile": 0.26549, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] + }, + "advisories": [], + "risk": 0.052320000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://www.postgresql.org/support/security/CVE-2025-12818/" + ], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12818", + "epss": 0.00096, + "percentile": 0.26549, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "postgresql-15", + "version": "15.14-0+deb12u1" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" + } + } + ], + "artifact": { + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libpq5", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "upstreams": [ + { + "name": "postgresql-15" + } + ] + } + }, { "vulnerability": { "id": "CVE-2025-69421", @@ -2365,8 +2513,8 @@ { "cve": "CVE-2025-69421", "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ @@ -2443,8 +2591,8 @@ { "cve": "CVE-2025-69421", "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ @@ -2532,113 +2680,97 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", + "id": "CVE-2025-13151", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69419", + "cve": "CVE-2025-13151", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.045445 + "advisories": [], + "risk": 0.0465 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69419", + "cve": "CVE-2025-13151", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2646,146 +2778,148 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-69419", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "48b70e4d102cdd4b", + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libtasn1-6", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] + "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-0725", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "id": "CVE-2025-69419", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", - "cvss": [], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75428, - "date": "2026-03-09" + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0452 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.045445 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-0725", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-0725.html", - "https://curl.se/docs/CVE-2025-0725.json", - "https://hackerone.com/reports/2956023", - "http://www.openwall.com/lists/oss-security/2025/02/05/3", - "http://www.openwall.com/lists/oss-security/2025/02/06/2", - "http://www.openwall.com/lists/oss-security/2025/02/06/4", - "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", - "https://security.netapp.com/advisory/ntap-20250306-0009/" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.3, - "exploitabilityScore": 3.9, - "impactScore": 3.4 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75428, - "date": "2026-03-09" + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2800,129 +2934,150 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-0725", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "curl" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "cvss": [], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74804, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", + "cve": "CVE-2019-9192", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.044250000000000005 + "risk": 0.043000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74804, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", + "cve": "CVE-2019-9192", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -2931,7 +3086,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2939,67 +3094,85 @@ "version": "12" }, "package": { - "name": "libtasn1-6", - "version": "4.19.0-2+deb12u1" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2019-9192", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "48b70e4d102cdd4b", - "name": "libtasn1-6", - "version": "4.19.0-2+deb12u1", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libtasn1-6", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.0086, - "percentile": 0.74743, - "date": "2026-03-09" + "cve": "CVE-2019-1010025", + "epss": 0.00856, + "percentile": 0.74757, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -3009,29 +3182,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.043000000000000003 + "risk": 0.0428 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -3039,7 +3215,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -3050,16 +3226,16 @@ ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.0086, - "percentile": 0.74743, - "date": "2026-03-09" + "cve": "CVE-2019-1010025", + "epss": 0.00856, + "percentile": 0.74757, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -3082,7 +3258,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-9192", + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } @@ -3136,90 +3312,88 @@ }, { "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00856, - "percentile": 0.74696, - "date": "2026-03-09" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0428 + "risk": 0.039749999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00856, - "percentile": 0.74696, - "date": "2026-03-09" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -3240,7 +3414,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -3294,95 +3468,105 @@ }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2026-22796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22241, - "date": "2026-03-09" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.15-0+deb12u1" + "3.0.18-1~deb12u2" ], "state": "fixed", "available": [ { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.040330000000000005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.039654999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22241, - "date": "2026-03-09" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3398,65 +3582,88 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" - }, + "name": "openssl", + "version": "3.0.17-1~deb12u3" + }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3464,155 +3671,92 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "" }, "advisories": [], - "risk": 0.039749999999999994 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.2:*:*:*:*:*:*:*" + ], "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.1.2" + } }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", + "id": "08d2144e99b02e72", + "name": "fluent-bit", + "version": "4.1.2", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:7b87b38ab9df02e882f8208074deb99dad63909687a76c1b3354a32072e138ae", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.1.2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.1.2", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3620,65 +3764,55 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "cve": "CVE-2025-12817", + "epss": 0.0011, + "percentile": 0.29293, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { "versions": [ - "3.0.18-1~deb12u2" + "15.15-0+deb12u1" ], "state": "fixed", "available": [ { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" } ] }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.039654999999999996 + "advisories": [], + "risk": 0.03355 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3686,17 +3820,17 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "cve": "CVE-2025-12817", + "epss": 0.0011, + "percentile": 0.29293, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ] @@ -3712,164 +3846,48 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + "vulnerabilityID": "CVE-2025-12817", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" }, "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "openssl" + "name": "postgresql-15" } ] } }, - { - "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.037275 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.2:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.1.2" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "08d2144e99b02e72", - "name": "fluent-bit", - "version": "4.1.2", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:7b87b38ab9df02e882f8208074deb99dad63909687a76c1b3354a32072e138ae", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.1.2", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2019-1010024", @@ -3883,8 +3901,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70355, - "date": "2026-03-09" + "percentile": 0.70426, + "date": "2026-03-16" } ], "cwes": [ @@ -3947,8 +3965,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70355, - "date": "2026-03-09" + "percentile": 0.70426, + "date": "2026-03-16" } ], "cwes": [ @@ -4031,85 +4049,123 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2026-1965", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-1965", + "namespace": "debian:distro:debian:12", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion must first be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. One underlying reason being that Negotiate sometimes authenticates *connections* and not *requests*, contrary to how HTTP is designed to work. An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with `user1:password1` and then does another operation to the same server also using Negotiate but with `user2:password2` (while the previous connection is still alive) - the second request wrongly reused the same connection and since it then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1... The set of authentication methods to use is set with `CURLOPT_HTTPAUTH`. Applications can disable libcurl's reuse of connections and thus mitigate this problem, by using one of the following libcurl options to alter how connections are or are not reused: `CURLOPT_FRESH_CONNECT`, `CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the curl_multi API).", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "wont-fix" }, "advisories": [], - "risk": 0.027825000000000003 + "risk": 0.031049999999999994 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" + ], + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "12" + }, "package": { - "name": "fluent-bit", - "version": "4.1.2" - } + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-1965", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "08d2144e99b02e72", - "name": "fluent-bit", - "version": "4.1.2", - "type": "binary", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:7b87b38ab9df02e882f8208074deb99dad63909687a76c1b3354a32072e138ae", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -4118,122 +4174,97 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.1.2", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.0055, - "percentile": 0.67585, - "date": "2026-03-09" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-385", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.0275 + "risk": 0.027825000000000003 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.0055, - "percentile": 0.67585, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-385", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.2:*:*:*:*:*:*:*" + ], "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.1.2" + } }, "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", + "id": "08d2144e99b02e72", + "name": "fluent-bit", + "version": "4.1.2", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:7b87b38ab9df02e882f8208074deb99dad63909687a76c1b3354a32072e138ae", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } @@ -4242,34 +4273,34 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.1.2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "purl": "pkg:github/fluent/fluent-bit@4.1.2", "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "cvss": [], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66224, - "date": "2026-03-09" + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67658, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -4278,60 +4309,50 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025750000000000002 + "risk": 0.0275 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66224, - "date": "2026-03-09" + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67658, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -4353,7 +4374,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-6829", + "vulnerabilityID": "CVE-2024-2236", "versionConstraint": "none (unknown)" } } @@ -4407,9 +4428,9 @@ "epss": [ { "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.14888, - "date": "2026-03-09" + "epss": 0.00056, + "percentile": 0.17356, + "date": "2026-03-16" } ], "cwes": [ @@ -4439,7 +4460,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" } ], - "risk": 0.022785 + "risk": 0.026039999999999994 }, "relatedVulnerabilities": [ { @@ -4468,9 +4489,9 @@ "epss": [ { "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.14888, - "date": "2026-03-09" + "epss": 0.00056, + "percentile": 0.17356, + "date": "2026-03-16" } ], "cwes": [ @@ -4537,77 +4558,221 @@ }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", - "severity": "Low", + "severity": "Negligible", "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20185, - "date": "2026-03-09" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.6631, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "15.15-0+deb12u1" - ], - "state": "fixed", - "available": [ - { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.02013 + "risk": 0.025750000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.6631, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2018-6829", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14831", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.7.9-2+deb12u6" + ], + "state": "fixed", + "available": [ + { + "version": "3.7.9-2+deb12u6", + "date": "2026-02-18", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6140-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" + } + ], + "risk": 0.023175 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" + ], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4615,17 +4780,17 @@ ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20185, - "date": "2026-03-09" + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4641,56 +4806,625 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "gnutls28", + "version": "3.7.9-2+deb12u5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 3.7.9-2+deb12u6 (deb)" + }, + "fix": { + "suggestedVersion": "3.7.9-2+deb12u6" + } + } + ], + "artifact": { + "id": "5458fd103c1e4fd3", + "name": "libgnutls30", + "version": "3.7.9-2+deb12u5", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgnutls30", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", + "upstreams": [ + { + "name": "gnutls28" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-0725", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2025-0725", + "epss": 0.00442, + "percentile": 0.62966, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-0725", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0221 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-0725", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-0725.html", + "https://curl.se/docs/CVE-2025-0725.json", + "https://hackerone.com/reports/2956023", + "http://www.openwall.com/lists/oss-security/2025/02/05/3", + "http://www.openwall.com/lists/oss-security/2025/02/06/2", + "http://www.openwall.com/lists/oss-security/2025/02/06/4", + "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", + "https://security.netapp.com/advisory/ntap-20250306-0009/" + ], + "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 7.3, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-0725", + "epss": 0.00442, + "percentile": 0.62966, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-0725", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-0725", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14819", + "epss": 0.00039, + "percentile": 0.11565, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.020085 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14819.html", + "https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" + ], + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14819", + "epss": 0.00039, + "percentile": 0.11565, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-14819", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.59944, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019700000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" + ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.59944, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01565 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" + ], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010023", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } }, - "fix": { - "suggestedVersion": "15.15-0+deb12u1" - } - } - ], - "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", - "type": "deb", - "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { - "evidence": "primary" + "evidence": "supporting" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "postgresql-15" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "id": "CVE-2025-14524", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -4707,18 +5441,18 @@ ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00039, - "percentile": 0.11553, - "date": "2026-03-09" + "cve": "CVE-2025-14524", + "epss": 0.0003, + "percentile": 0.08206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4726,20 +5460,21 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.020085 + "risk": 0.015449999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14819", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "id": "CVE-2025-14524", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14819.html", - "https://curl.se/docs/CVE-2025-14819.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/5" + "https://curl.se/docs/CVE-2025-14524.html", + "https://curl.se/docs/CVE-2025-14524.json", + "https://hackerone.com/reports/3459417", + "http://www.openwall.com/lists/oss-security/2026/01/07/4" ], - "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -4756,18 +5491,18 @@ ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00039, - "percentile": 0.11553, - "date": "2026-03-09" + "cve": "CVE-2025-14524", + "epss": 0.0003, + "percentile": 0.08206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4788,7 +5523,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14819", + "vulnerabilityID": "CVE-2025-14524", "versionConstraint": "none (unknown)" } } @@ -4823,79 +5558,88 @@ }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2026-0915", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00394, - "percentile": 0.59883, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.019700000000000002 + "risk": 0.014249999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00394, - "percentile": 0.59883, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4916,7 +5660,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } @@ -4970,81 +5714,53 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14831", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.7.9-2+deb12u6" - ], - "state": "fixed", - "available": [ - { - "version": "3.7.9-2+deb12u6", - "date": "2026-02-18", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6140-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" - } - ], - "risk": 0.019055 + "advisories": [], + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -5055,18 +5771,18 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5081,30 +5797,27 @@ "version": "12" }, "package": { - "name": "gnutls28", - "version": "3.7.9-2+deb12u5" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14831", - "versionConstraint": "< 3.7.9-2+deb12u6 (deb)" - }, - "fix": { - "suggestedVersion": "3.7.9-2+deb12u6" + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5458fd103c1e4fd3", - "name": "libgnutls30", - "version": "3.7.9-2+deb12u5", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgnutls30", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -5113,31 +5826,48 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gnutls28" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54089, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5145,66 +5875,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01565 + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54089, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5219,148 +5930,114 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libk5crypto3", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-14524", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.015449999999999998 + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14524", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14524.html", - "https://curl.se/docs/CVE-2025-14524.json", - "https://hackerone.com/reports/3459417", - "http://www.openwall.com/lists/oss-security/2026/01/07/4" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } @@ -5377,27 +6054,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14524", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -5406,100 +6083,92 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.014249999999999999 + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5514,60 +6183,41 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libkrb5support0", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } @@ -5585,8 +6235,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43824, - "date": "2026-03-09" + "percentile": 0.43875, + "date": "2026-03-16" } ], "cwes": [ @@ -5650,8 +6300,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43824, - "date": "2026-03-09" + "percentile": 0.43875, + "date": "2026-03-16" } ], "cwes": [ @@ -5724,74 +6374,88 @@ }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4105", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0103 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -5807,27 +6471,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -5836,95 +6500,100 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "krb5" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4105", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0103 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -5932,7 +6601,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -5940,27 +6609,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u4", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } @@ -5969,37 +6638,33 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2024-2379", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.4244, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2024-2379", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -6009,45 +6674,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.01025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2024-2379", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "http://seclists.org/fulldisclosure/2024/Jul/18", + "http://seclists.org/fulldisclosure/2024/Jul/19", + "http://seclists.org/fulldisclosure/2024/Jul/20", + "http://www.openwall.com/lists/oss-security/2024/03/27/2", + "https://curl.se/docs/CVE-2024-2379.html", + "https://curl.se/docs/CVE-2024-2379.json", + "https://hackerone.com/reports/2410774", + "https://security.netapp.com/advisory/ntap-20240531-0001/", + "https://support.apple.com/kb/HT214118", + "https://support.apple.com/kb/HT214119", + "https://support.apple.com/kb/HT214120" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.4244, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2024-2379", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -6064,27 +6738,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2024-2379", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -6093,92 +6767,118 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-22795", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0103 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.008925 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6193,125 +6893,155 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "krb5" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2024-2379", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", + "id": "CVE-2026-3784", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3784", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", - "cvss": [], + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42397, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.01025 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2379", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2024/Jul/18", - "http://seclists.org/fulldisclosure/2024/Jul/19", - "http://seclists.org/fulldisclosure/2024/Jul/20", - "http://www.openwall.com/lists/oss-security/2024/03/27/2", - "https://curl.se/docs/CVE-2024-2379.html", - "https://curl.se/docs/CVE-2024-2379.json", - "https://hackerone.com/reports/2410774", - "https://security.netapp.com/advisory/ntap-20240531-0001/", - "https://support.apple.com/kb/HT214118", - "https://support.apple.com/kb/HT214119", - "https://support.apple.com/kb/HT214120" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42397, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6332,7 +7062,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2379", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } @@ -6367,105 +7097,89 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", + "id": "CVE-2026-3783", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3783", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.008925 + "advisories": [], + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -6481,65 +7195,41 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "openssl" + "name": "curl" } ] } @@ -6557,8 +7247,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6624,8 +7314,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6706,8 +7396,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6773,8 +7463,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6864,8 +7554,8 @@ { "cve": "CVE-2025-68160", "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ @@ -6930,8 +7620,8 @@ { "cve": "CVE-2025-68160", "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ @@ -7030,8 +7720,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3258, - "date": "2026-03-09" + "percentile": 0.32482, + "date": "2026-03-16" } ], "cwes": [ @@ -7092,8 +7782,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3258, - "date": "2026-03-09" + "percentile": 0.32482, + "date": "2026-03-16" } ], "cwes": [ @@ -7198,66 +7888,238 @@ ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00659, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.006360000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00659, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "3.7.9-2+deb12u6" + ], + "state": "fixed", + "available": [ + { + "version": "3.7.9-2+deb12u6", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.006360000000000001 + "risk": 0.0063 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.9 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7273,60 +8135,44 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "gnutls28", + "version": "3.7.9-2+deb12u5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 3.7.9-2+deb12u6 (deb)" + }, + "fix": { + "suggestedVersion": "3.7.9-2+deb12u6" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "5458fd103c1e4fd3", + "name": "libgnutls30", + "version": "3.7.9-2+deb12u5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgnutls30", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", "upstreams": [ { - "name": "glibc" + "name": "gnutls28" } ] } @@ -7344,8 +8190,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7394,8 +8240,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7470,8 +8316,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7520,8 +8366,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7592,8 +8438,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -7642,8 +8488,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -7718,8 +8564,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -7768,8 +8614,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -7827,160 +8673,6 @@ "upstreams": [] } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "3.7.9-2+deb12u6" - ], - "state": "fixed", - "available": [ - { - "version": "3.7.9-2+deb12u6", - "date": "2026-02-27", - "kind": "first-observed" - } - ] - }, - "advisories": [], - "risk": 0.00495 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "gnutls28", - "version": "3.7.9-2+deb12u5" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "< 3.7.9-2+deb12u6 (deb)" - }, - "fix": { - "suggestedVersion": "3.7.9-2+deb12u6" - } - } - ], - "artifact": { - "id": "5458fd103c1e4fd3", - "name": "libgnutls30", - "version": "3.7.9-2+deb12u5", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgnutls30", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", - "upstreams": [ - { - "name": "gnutls28" - } - ] - } - }, { "vulnerability": { "id": "CVE-2017-14159", @@ -7994,8 +8686,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00092, - "percentile": 0.25756, - "date": "2026-03-09" + "percentile": 0.25729, + "date": "2026-03-16" } ], "cwes": [ @@ -8054,8 +8746,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00092, - "percentile": 0.25756, - "date": "2026-03-09" + "percentile": 0.25729, + "date": "2026-03-16" } ], "cwes": [ @@ -8139,8 +8831,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8187,8 +8879,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8272,8 +8964,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8320,8 +9012,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8396,8 +9088,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8444,8 +9136,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8525,8 +9217,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8573,8 +9265,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8649,8 +9341,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00072, - "percentile": 0.21754, - "date": "2026-03-09" + "percentile": 0.21722, + "date": "2026-03-16" } ], "cwes": [ @@ -8699,8 +9391,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00072, - "percentile": 0.21754, - "date": "2026-03-09" + "percentile": 0.21722, + "date": "2026-03-16" } ], "cwes": [ @@ -8774,9 +9466,9 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00069, - "percentile": 0.20993, - "date": "2026-03-09" + "epss": 0.00071, + "percentile": 0.21481, + "date": "2026-03-16" } ], "cwes": [ @@ -8792,7 +9484,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00345 + "risk": 0.00355 }, "relatedVulnerabilities": [ { @@ -8822,9 +9514,9 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00069, - "percentile": 0.20993, - "date": "2026-03-09" + "epss": 0.00071, + "percentile": 0.21481, + "date": "2026-03-16" } ], "cwes": [ @@ -8933,8 +9625,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -8996,8 +9688,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -9072,8 +9764,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9133,8 +9825,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9241,8 +9933,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9302,8 +9994,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9378,8 +10070,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9439,8 +10131,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9543,8 +10235,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9604,8 +10296,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9703,8 +10395,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9764,8 +10456,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9876,8 +10568,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -9942,8 +10634,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -10042,8 +10734,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -10109,8 +10801,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -10191,8 +10883,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -10258,8 +10950,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -10336,8 +11028,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "percentile": 0.08352, + "date": "2026-03-16" } ], "cwes": [ @@ -10386,8 +11078,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "percentile": 0.08352, + "date": "2026-03-16" } ], "cwes": [ @@ -10461,9 +11153,9 @@ "epss": [ { "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ @@ -10485,7 +11177,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.001 + "risk": 0.0010500000000000002 }, "relatedVulnerabilities": [ { @@ -10516,9 +11208,9 @@ "epss": [ { "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ @@ -10608,8 +11300,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00018, - "percentile": 0.04357, - "date": "2026-03-09" + "percentile": 0.0432, + "date": "2026-03-16" } ], "fix": { @@ -10651,8 +11343,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00018, - "percentile": 0.04357, - "date": "2026-03-09" + "percentile": 0.0432, + "date": "2026-03-16" } ] } @@ -10719,8 +11411,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -10768,8 +11460,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -11159,107 +11851,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/oss/grype-4.1.2.md b/docs/security/oss/grype-4.1.2.md index ad128fa..4c63d2c 100644 --- a/docs/security/oss/grype-4.1.2.md +++ b/docs/security/oss/grype-4.1.2.md @@ -12,8 +12,8 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2006) | High | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2005) | High | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | High | -| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | | libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | @@ -21,12 +21,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Medium | | fluent-bit | 4.1.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | fluent-bit | 4.1.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2003) | Medium | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | +| libsystemd0 | 254.26-1~bpo12+1 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd | 254.26-1~bpo12+1 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Medium | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Medium | | zlib1g | 1:1.2.13.dfsg-1 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Medium | @@ -40,19 +45,19 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | +| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.2.0.json b/docs/security/oss/grype-4.2.0.json index 3616c03..0ee103f 100644 --- a/docs/security/oss/grype-4.2.0.json +++ b/docs/security/oss/grype-4.2.0.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.8064, - "date": "2026-03-09" + "percentile": 0.80694, + "date": "2026-03-16" } ], "cwes": [ @@ -215,8 +215,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -283,8 +283,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -383,8 +383,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87877, - "date": "2026-03-09" + "percentile": 0.87925, + "date": "2026-03-16" } ], "cwes": [ @@ -518,8 +518,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87877, - "date": "2026-03-09" + "percentile": 0.87925, + "date": "2026-03-16" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -673,8 +673,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -773,8 +773,8 @@ { "cve": "CVE-2017-17740", "epss": 0.02871, - "percentile": 0.86062, - "date": "2026-03-09" + "percentile": 0.86102, + "date": "2026-03-16" } ], "cwes": [ @@ -836,8 +836,8 @@ { "cve": "CVE-2017-17740", "epss": 0.02871, - "percentile": 0.86062, - "date": "2026-03-09" + "percentile": 0.86102, + "date": "2026-03-16" } ], "cwes": [ @@ -933,9 +933,9 @@ "epss": [ { "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30109, - "date": "2026-03-09" + "epss": 0.00132, + "percentile": 0.32612, + "date": "2026-03-16" } ], "cwes": [ @@ -965,7 +965,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" } ], - "risk": 0.093725 + "risk": 0.10758000000000001 }, "relatedVulnerabilities": [ { @@ -994,9 +994,9 @@ "epss": [ { "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30109, - "date": "2026-03-09" + "epss": 0.00132, + "percentile": 0.32612, + "date": "2026-03-16" } ], "cwes": [ @@ -1073,9 +1073,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82337, - "date": "2026-03-09" + "epss": 0.01912, + "percentile": 0.83113, + "date": "2026-03-16" } ], "fix": { @@ -1083,7 +1083,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08785 + "risk": 0.09560000000000002 }, "relatedVulnerabilities": [ { @@ -1127,9 +1127,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82337, - "date": "2026-03-09" + "epss": 0.01912, + "percentile": 0.83113, + "date": "2026-03-16" } ] } @@ -1205,8 +1205,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80809, - "date": "2026-03-09" + "percentile": 0.80861, + "date": "2026-03-16" } ], "cwes": [ @@ -1268,8 +1268,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80809, - "date": "2026-03-09" + "percentile": 0.80861, + "date": "2026-03-16" } ], "cwes": [ @@ -1363,8 +1363,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1423,8 +1423,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1508,8 +1508,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1568,8 +1568,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1644,8 +1644,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1704,8 +1704,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1785,8 +1785,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1845,8 +1845,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1933,9 +1933,9 @@ "epss": [ { "cve": "CVE-2026-2006", - "epss": 0.00075, - "percentile": 0.22442, - "date": "2026-03-09" + "epss": 0.00087, + "percentile": 0.24841, + "date": "2026-03-16" } ], "cwes": [ @@ -1965,7 +1965,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" } ], - "risk": 0.061125000000000006 + "risk": 0.070905 }, "relatedVulnerabilities": [ { @@ -1994,9 +1994,9 @@ "epss": [ { "cve": "CVE-2026-2006", - "epss": 0.00075, - "percentile": 0.22442, - "date": "2026-03-09" + "epss": 0.00087, + "percentile": 0.24841, + "date": "2026-03-16" } ], "cwes": [ @@ -2086,9 +2086,9 @@ "epss": [ { "cve": "CVE-2026-2005", - "epss": 0.00066, - "percentile": 0.20179, - "date": "2026-03-09" + "epss": 0.00076, + "percentile": 0.22508, + "date": "2026-03-16" } ], "cwes": [ @@ -2118,7 +2118,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" } ], - "risk": 0.053790000000000004 + "risk": 0.06194000000000001 }, "relatedVulnerabilities": [ { @@ -2147,9 +2147,9 @@ "epss": [ { "cve": "CVE-2026-2005", - "epss": 0.00066, - "percentile": 0.20179, - "date": "2026-03-09" + "epss": 0.00076, + "percentile": 0.22508, + "date": "2026-03-16" } ], "cwes": [ @@ -2240,8 +2240,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00102, - "percentile": 0.27974, - "date": "2026-03-09" + "percentile": 0.27935, + "date": "2026-03-16" } ], "fix": { @@ -2284,8 +2284,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00102, - "percentile": 0.27974, - "date": "2026-03-09" + "percentile": 0.27935, + "date": "2026-03-16" } ] } @@ -2339,6 +2339,154 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12818", + "epss": 0.00096, + "percentile": 0.26549, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] + }, + "advisories": [], + "risk": 0.052320000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://www.postgresql.org/support/security/CVE-2025-12818/" + ], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12818", + "epss": 0.00096, + "percentile": 0.26549, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "postgresql-15", + "version": "15.14-0+deb12u1" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" + } + } + ], + "artifact": { + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libpq5", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "upstreams": [ + { + "name": "postgresql-15" + } + ] + } + }, { "vulnerability": { "id": "CVE-2025-69421", @@ -2365,8 +2513,8 @@ { "cve": "CVE-2025-69421", "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ @@ -2443,8 +2591,8 @@ { "cve": "CVE-2025-69421", "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ @@ -2532,113 +2680,97 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", + "id": "CVE-2025-13151", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69419", + "cve": "CVE-2025-13151", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.045445 + "advisories": [], + "risk": 0.0465 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "cve": "CVE-2025-13151", + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69419", + "cve": "CVE-2025-13151", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2646,146 +2778,148 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-69419", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "48b70e4d102cdd4b", + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libtasn1-6", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] + "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-0725", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "id": "CVE-2025-69419", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", - "cvss": [], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75428, - "date": "2026-03-09" + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0452 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.045445 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-0725", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-0725.html", - "https://curl.se/docs/CVE-2025-0725.json", - "https://hackerone.com/reports/2956023", - "http://www.openwall.com/lists/oss-security/2025/02/05/3", - "http://www.openwall.com/lists/oss-security/2025/02/06/2", - "http://www.openwall.com/lists/oss-security/2025/02/06/4", - "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", - "https://security.netapp.com/advisory/ntap-20250306-0009/" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.3, - "exploitabilityScore": 3.9, - "impactScore": 3.4 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75428, - "date": "2026-03-09" + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2800,129 +2934,150 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-0725", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "curl" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "cvss": [], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74804, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", + "cve": "CVE-2019-9192", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.044250000000000005 + "risk": 0.043000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74804, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", + "cve": "CVE-2019-9192", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -2931,7 +3086,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2939,67 +3094,85 @@ "version": "12" }, "package": { - "name": "libtasn1-6", - "version": "4.19.0-2+deb12u1" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2019-9192", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "48b70e4d102cdd4b", - "name": "libtasn1-6", - "version": "4.19.0-2+deb12u1", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libtasn1-6", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.0086, - "percentile": 0.74743, - "date": "2026-03-09" + "cve": "CVE-2019-1010025", + "epss": 0.00856, + "percentile": 0.74757, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -3009,29 +3182,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.043000000000000003 + "risk": 0.0428 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -3039,7 +3215,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -3050,16 +3226,16 @@ ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.0086, - "percentile": 0.74743, - "date": "2026-03-09" + "cve": "CVE-2019-1010025", + "epss": 0.00856, + "percentile": 0.74757, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -3082,7 +3258,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-9192", + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } @@ -3136,90 +3312,88 @@ }, { "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00856, - "percentile": 0.74696, - "date": "2026-03-09" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0428 + "risk": 0.039749999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00856, - "percentile": 0.74696, - "date": "2026-03-09" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -3240,7 +3414,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -3294,95 +3468,105 @@ }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2026-22796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22241, - "date": "2026-03-09" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.15-0+deb12u1" + "3.0.18-1~deb12u2" ], "state": "fixed", "available": [ { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.040330000000000005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.039654999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22241, - "date": "2026-03-09" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3398,65 +3582,88 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" - }, + "name": "openssl", + "version": "3.0.17-1~deb12u3" + }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3464,155 +3671,92 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "" }, "advisories": [], - "risk": 0.039749999999999994 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.0:*:*:*:*:*:*:*" + ], "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.2.0" + } }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", + "id": "98f5fa2eeb129470", + "name": "fluent-bit", + "version": "4.2.0", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:926d867f71941d2c8d8ab91f3d5b7695f120d160677e4022348a992b7e6c120d", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.2.0:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.2.0", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3620,65 +3764,55 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "cve": "CVE-2025-12817", + "epss": 0.0011, + "percentile": 0.29293, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { "versions": [ - "3.0.18-1~deb12u2" + "15.15-0+deb12u1" ], "state": "fixed", "available": [ { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" } ] }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.039654999999999996 + "advisories": [], + "risk": 0.03355 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3686,17 +3820,17 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "cve": "CVE-2025-12817", + "epss": 0.0011, + "percentile": 0.29293, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ] @@ -3712,164 +3846,48 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + "vulnerabilityID": "CVE-2025-12817", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" }, "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "openssl" + "name": "postgresql-15" } ] } }, - { - "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.037275 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.0:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.2.0" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "98f5fa2eeb129470", - "name": "fluent-bit", - "version": "4.2.0", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:926d867f71941d2c8d8ab91f3d5b7695f120d160677e4022348a992b7e6c120d", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.0:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.2.0", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2019-1010024", @@ -3883,8 +3901,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70355, - "date": "2026-03-09" + "percentile": 0.70426, + "date": "2026-03-16" } ], "cwes": [ @@ -3947,8 +3965,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70355, - "date": "2026-03-09" + "percentile": 0.70426, + "date": "2026-03-16" } ], "cwes": [ @@ -4031,85 +4049,123 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2026-1965", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-1965", + "namespace": "debian:distro:debian:12", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion must first be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. One underlying reason being that Negotiate sometimes authenticates *connections* and not *requests*, contrary to how HTTP is designed to work. An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with `user1:password1` and then does another operation to the same server also using Negotiate but with `user2:password2` (while the previous connection is still alive) - the second request wrongly reused the same connection and since it then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1... The set of authentication methods to use is set with `CURLOPT_HTTPAUTH`. Applications can disable libcurl's reuse of connections and thus mitigate this problem, by using one of the following libcurl options to alter how connections are or are not reused: `CURLOPT_FRESH_CONNECT`, `CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the curl_multi API).", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "wont-fix" }, "advisories": [], - "risk": 0.027825000000000003 + "risk": 0.031049999999999994 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" + ], + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.0:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "12" + }, "package": { - "name": "fluent-bit", - "version": "4.2.0" - } + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-1965", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "98f5fa2eeb129470", - "name": "fluent-bit", - "version": "4.2.0", - "type": "binary", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:926d867f71941d2c8d8ab91f3d5b7695f120d160677e4022348a992b7e6c120d", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -4118,122 +4174,97 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.0:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.2.0", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.0055, - "percentile": 0.67585, - "date": "2026-03-09" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-385", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.0275 + "risk": 0.027825000000000003 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.0055, - "percentile": 0.67585, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-385", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.0:*:*:*:*:*:*:*" + ], "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.2.0" + } }, "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", + "id": "98f5fa2eeb129470", + "name": "fluent-bit", + "version": "4.2.0", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:926d867f71941d2c8d8ab91f3d5b7695f120d160677e4022348a992b7e6c120d", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } @@ -4242,34 +4273,34 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.2.0:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "purl": "pkg:github/fluent/fluent-bit@4.2.0", "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "cvss": [], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66224, - "date": "2026-03-09" + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67658, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -4278,60 +4309,50 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025750000000000002 + "risk": 0.0275 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66224, - "date": "2026-03-09" + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67658, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -4353,7 +4374,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-6829", + "vulnerabilityID": "CVE-2024-2236", "versionConstraint": "none (unknown)" } } @@ -4407,9 +4428,9 @@ "epss": [ { "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.14888, - "date": "2026-03-09" + "epss": 0.00056, + "percentile": 0.17356, + "date": "2026-03-16" } ], "cwes": [ @@ -4439,7 +4460,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" } ], - "risk": 0.022785 + "risk": 0.026039999999999994 }, "relatedVulnerabilities": [ { @@ -4468,9 +4489,9 @@ "epss": [ { "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.14888, - "date": "2026-03-09" + "epss": 0.00056, + "percentile": 0.17356, + "date": "2026-03-16" } ], "cwes": [ @@ -4537,77 +4558,221 @@ }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", - "severity": "Low", + "severity": "Negligible", "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20185, - "date": "2026-03-09" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.6631, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "15.15-0+deb12u1" - ], - "state": "fixed", - "available": [ - { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.02013 + "risk": 0.025750000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.6631, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2018-6829", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14831", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.7.9-2+deb12u6" + ], + "state": "fixed", + "available": [ + { + "version": "3.7.9-2+deb12u6", + "date": "2026-02-18", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6140-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" + } + ], + "risk": 0.023175 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" + ], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4615,17 +4780,17 @@ ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20185, - "date": "2026-03-09" + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4641,56 +4806,625 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "gnutls28", + "version": "3.7.9-2+deb12u5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 3.7.9-2+deb12u6 (deb)" + }, + "fix": { + "suggestedVersion": "3.7.9-2+deb12u6" + } + } + ], + "artifact": { + "id": "5458fd103c1e4fd3", + "name": "libgnutls30", + "version": "3.7.9-2+deb12u5", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgnutls30", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", + "upstreams": [ + { + "name": "gnutls28" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-0725", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2025-0725", + "epss": 0.00442, + "percentile": 0.62966, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-0725", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0221 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-0725", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-0725.html", + "https://curl.se/docs/CVE-2025-0725.json", + "https://hackerone.com/reports/2956023", + "http://www.openwall.com/lists/oss-security/2025/02/05/3", + "http://www.openwall.com/lists/oss-security/2025/02/06/2", + "http://www.openwall.com/lists/oss-security/2025/02/06/4", + "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", + "https://security.netapp.com/advisory/ntap-20250306-0009/" + ], + "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 7.3, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-0725", + "epss": 0.00442, + "percentile": 0.62966, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-0725", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-0725", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14819", + "epss": 0.00039, + "percentile": 0.11565, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.020085 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14819.html", + "https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" + ], + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14819", + "epss": 0.00039, + "percentile": 0.11565, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-14819", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.59944, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019700000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" + ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.59944, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-03-16" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01565 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" + ], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-03-16" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010023", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } }, - "fix": { - "suggestedVersion": "15.15-0+deb12u1" - } - } - ], - "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", - "type": "deb", - "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { - "evidence": "primary" + "evidence": "supporting" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "postgresql-15" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "id": "CVE-2025-14524", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -4707,18 +5441,18 @@ ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00039, - "percentile": 0.11553, - "date": "2026-03-09" + "cve": "CVE-2025-14524", + "epss": 0.0003, + "percentile": 0.08206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4726,20 +5460,21 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.020085 + "risk": 0.015449999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14819", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "id": "CVE-2025-14524", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14819.html", - "https://curl.se/docs/CVE-2025-14819.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/5" + "https://curl.se/docs/CVE-2025-14524.html", + "https://curl.se/docs/CVE-2025-14524.json", + "https://hackerone.com/reports/3459417", + "http://www.openwall.com/lists/oss-security/2026/01/07/4" ], - "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -4756,18 +5491,18 @@ ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00039, - "percentile": 0.11553, - "date": "2026-03-09" + "cve": "CVE-2025-14524", + "epss": 0.0003, + "percentile": 0.08206, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4788,7 +5523,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14819", + "vulnerabilityID": "CVE-2025-14524", "versionConstraint": "none (unknown)" } } @@ -4823,79 +5558,88 @@ }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2026-0915", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00394, - "percentile": 0.59883, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.019700000000000002 + "risk": 0.014249999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00394, - "percentile": 0.59883, - "date": "2026-03-09" + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4916,7 +5660,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } @@ -4970,81 +5714,53 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14831", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.7.9-2+deb12u6" - ], - "state": "fixed", - "available": [ - { - "version": "3.7.9-2+deb12u6", - "date": "2026-02-18", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6140-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" - } - ], - "risk": 0.019055 + "advisories": [], + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -5055,18 +5771,18 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5081,30 +5797,27 @@ "version": "12" }, "package": { - "name": "gnutls28", - "version": "3.7.9-2+deb12u5" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14831", - "versionConstraint": "< 3.7.9-2+deb12u6 (deb)" - }, - "fix": { - "suggestedVersion": "3.7.9-2+deb12u6" + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5458fd103c1e4fd3", - "name": "libgnutls30", - "version": "3.7.9-2+deb12u5", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgnutls30", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -5113,31 +5826,48 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gnutls28" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54089, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5145,66 +5875,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01565 + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54089, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5219,148 +5930,114 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libk5crypto3", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-14524", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.015449999999999998 + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14524", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14524.html", - "https://curl.se/docs/CVE-2025-14524.json", - "https://hackerone.com/reports/3459417", - "http://www.openwall.com/lists/oss-security/2026/01/07/4" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } @@ -5377,27 +6054,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14524", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -5406,100 +6083,92 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.014249999999999999 + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5514,60 +6183,41 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libkrb5support0", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } @@ -5585,8 +6235,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43824, - "date": "2026-03-09" + "percentile": 0.43875, + "date": "2026-03-16" } ], "cwes": [ @@ -5650,8 +6300,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43824, - "date": "2026-03-09" + "percentile": 0.43875, + "date": "2026-03-16" } ], "cwes": [ @@ -5724,74 +6374,88 @@ }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4105", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0103 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -5807,27 +6471,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -5836,95 +6500,100 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "krb5" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4105", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0103 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -5932,7 +6601,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -5940,27 +6609,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u4", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } @@ -5969,37 +6638,33 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2024-2379", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.4244, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2024-2379", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -6009,45 +6674,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.01025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2024-2379", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "http://seclists.org/fulldisclosure/2024/Jul/18", + "http://seclists.org/fulldisclosure/2024/Jul/19", + "http://seclists.org/fulldisclosure/2024/Jul/20", + "http://www.openwall.com/lists/oss-security/2024/03/27/2", + "https://curl.se/docs/CVE-2024-2379.html", + "https://curl.se/docs/CVE-2024-2379.json", + "https://hackerone.com/reports/2410774", + "https://security.netapp.com/advisory/ntap-20240531-0001/", + "https://support.apple.com/kb/HT214118", + "https://support.apple.com/kb/HT214119", + "https://support.apple.com/kb/HT214120" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.4244, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2024-2379", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -6064,27 +6738,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2024-2379", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -6093,92 +6767,118 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-22795", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0103 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.008925 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6193,125 +6893,155 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "krb5" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2024-2379", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", + "id": "CVE-2026-3784", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3784", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", - "cvss": [], + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42397, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.01025 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2379", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2024/Jul/18", - "http://seclists.org/fulldisclosure/2024/Jul/19", - "http://seclists.org/fulldisclosure/2024/Jul/20", - "http://www.openwall.com/lists/oss-security/2024/03/27/2", - "https://curl.se/docs/CVE-2024-2379.html", - "https://curl.se/docs/CVE-2024-2379.json", - "https://hackerone.com/reports/2410774", - "https://security.netapp.com/advisory/ntap-20240531-0001/", - "https://support.apple.com/kb/HT214118", - "https://support.apple.com/kb/HT214119", - "https://support.apple.com/kb/HT214120" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42397, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6332,7 +7062,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2379", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } @@ -6367,105 +7097,89 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", + "id": "CVE-2026-3783", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3783", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.008925 + "advisories": [], + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -6481,65 +7195,41 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "openssl" + "name": "curl" } ] } @@ -6557,8 +7247,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6624,8 +7314,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6706,8 +7396,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6773,8 +7463,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6864,8 +7554,8 @@ { "cve": "CVE-2025-68160", "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ @@ -6930,8 +7620,8 @@ { "cve": "CVE-2025-68160", "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ @@ -7030,8 +7720,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3258, - "date": "2026-03-09" + "percentile": 0.32482, + "date": "2026-03-16" } ], "cwes": [ @@ -7092,8 +7782,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3258, - "date": "2026-03-09" + "percentile": 0.32482, + "date": "2026-03-16" } ], "cwes": [ @@ -7198,66 +7888,238 @@ ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00659, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.006360000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00659, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "3.7.9-2+deb12u6" + ], + "state": "fixed", + "available": [ + { + "version": "3.7.9-2+deb12u6", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.006360000000000001 + "risk": 0.0063 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.9 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7273,60 +8135,44 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "gnutls28", + "version": "3.7.9-2+deb12u5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 3.7.9-2+deb12u6 (deb)" + }, + "fix": { + "suggestedVersion": "3.7.9-2+deb12u6" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "5458fd103c1e4fd3", + "name": "libgnutls30", + "version": "3.7.9-2+deb12u5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgnutls30", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", "upstreams": [ { - "name": "glibc" + "name": "gnutls28" } ] } @@ -7344,8 +8190,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7394,8 +8240,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7470,8 +8316,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7520,8 +8366,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7592,8 +8438,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -7642,8 +8488,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -7718,8 +8564,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -7768,8 +8614,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -7827,160 +8673,6 @@ "upstreams": [] } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "3.7.9-2+deb12u6" - ], - "state": "fixed", - "available": [ - { - "version": "3.7.9-2+deb12u6", - "date": "2026-02-27", - "kind": "first-observed" - } - ] - }, - "advisories": [], - "risk": 0.00495 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "gnutls28", - "version": "3.7.9-2+deb12u5" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "< 3.7.9-2+deb12u6 (deb)" - }, - "fix": { - "suggestedVersion": "3.7.9-2+deb12u6" - } - } - ], - "artifact": { - "id": "5458fd103c1e4fd3", - "name": "libgnutls30", - "version": "3.7.9-2+deb12u5", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgnutls30", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", - "upstreams": [ - { - "name": "gnutls28" - } - ] - } - }, { "vulnerability": { "id": "CVE-2017-14159", @@ -7994,8 +8686,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00092, - "percentile": 0.25756, - "date": "2026-03-09" + "percentile": 0.25729, + "date": "2026-03-16" } ], "cwes": [ @@ -8054,8 +8746,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00092, - "percentile": 0.25756, - "date": "2026-03-09" + "percentile": 0.25729, + "date": "2026-03-16" } ], "cwes": [ @@ -8139,8 +8831,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8187,8 +8879,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8272,8 +8964,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8320,8 +9012,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8396,8 +9088,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8444,8 +9136,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8525,8 +9217,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8573,8 +9265,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8649,8 +9341,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00072, - "percentile": 0.21754, - "date": "2026-03-09" + "percentile": 0.21722, + "date": "2026-03-16" } ], "cwes": [ @@ -8699,8 +9391,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00072, - "percentile": 0.21754, - "date": "2026-03-09" + "percentile": 0.21722, + "date": "2026-03-16" } ], "cwes": [ @@ -8774,9 +9466,9 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00069, - "percentile": 0.20993, - "date": "2026-03-09" + "epss": 0.00071, + "percentile": 0.21481, + "date": "2026-03-16" } ], "cwes": [ @@ -8792,7 +9484,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00345 + "risk": 0.00355 }, "relatedVulnerabilities": [ { @@ -8822,9 +9514,9 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00069, - "percentile": 0.20993, - "date": "2026-03-09" + "epss": 0.00071, + "percentile": 0.21481, + "date": "2026-03-16" } ], "cwes": [ @@ -8933,8 +9625,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -8996,8 +9688,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -9072,8 +9764,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9133,8 +9825,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9241,8 +9933,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9302,8 +9994,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9378,8 +10070,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9439,8 +10131,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9543,8 +10235,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9604,8 +10296,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9703,8 +10395,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9764,8 +10456,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15161, - "date": "2026-03-09" + "percentile": 0.15173, + "date": "2026-03-16" } ], "cwes": [ @@ -9876,8 +10568,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -9942,8 +10634,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -10042,8 +10734,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -10109,8 +10801,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -10191,8 +10883,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -10258,8 +10950,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -10336,8 +11028,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "percentile": 0.08352, + "date": "2026-03-16" } ], "cwes": [ @@ -10386,8 +11078,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "percentile": 0.08352, + "date": "2026-03-16" } ], "cwes": [ @@ -10461,9 +11153,9 @@ "epss": [ { "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ @@ -10485,7 +11177,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.001 + "risk": 0.0010500000000000002 }, "relatedVulnerabilities": [ { @@ -10516,9 +11208,9 @@ "epss": [ { "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ @@ -10608,8 +11300,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00018, - "percentile": 0.04357, - "date": "2026-03-09" + "percentile": 0.0432, + "date": "2026-03-16" } ], "fix": { @@ -10651,8 +11343,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00018, - "percentile": 0.04357, - "date": "2026-03-09" + "percentile": 0.0432, + "date": "2026-03-16" } ] } @@ -10719,8 +11411,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -10768,8 +11460,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -11159,107 +11851,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/oss/grype-4.2.0.md b/docs/security/oss/grype-4.2.0.md index 4a47c69..7b27ada 100644 --- a/docs/security/oss/grype-4.2.0.md +++ b/docs/security/oss/grype-4.2.0.md @@ -12,8 +12,8 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2006) | High | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2005) | High | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | High | -| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | | libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | @@ -21,12 +21,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Medium | | fluent-bit | 4.2.0 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | fluent-bit | 4.2.0 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2003) | Medium | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | +| libsystemd0 | 254.26-1~bpo12+1 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd | 254.26-1~bpo12+1 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Medium | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Medium | | zlib1g | 1:1.2.13.dfsg-1 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Medium | @@ -40,19 +45,19 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | +| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.2.1.json b/docs/security/oss/grype-4.2.1.json index 7aa0d1f..c14f16d 100644 --- a/docs/security/oss/grype-4.2.1.json +++ b/docs/security/oss/grype-4.2.1.json @@ -26,8 +26,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -94,8 +94,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -194,8 +194,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87877, - "date": "2026-03-09" + "percentile": 0.87925, + "date": "2026-03-16" } ], "cwes": [ @@ -329,8 +329,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87877, - "date": "2026-03-09" + "percentile": 0.87925, + "date": "2026-03-16" } ], "cwes": [ @@ -418,8 +418,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -484,8 +484,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -584,8 +584,8 @@ { "cve": "CVE-2017-17740", "epss": 0.02871, - "percentile": 0.86062, - "date": "2026-03-09" + "percentile": 0.86102, + "date": "2026-03-16" } ], "cwes": [ @@ -647,8 +647,8 @@ { "cve": "CVE-2017-17740", "epss": 0.02871, - "percentile": 0.86062, - "date": "2026-03-09" + "percentile": 0.86102, + "date": "2026-03-16" } ], "cwes": [ @@ -735,9 +735,9 @@ "epss": [ { "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30109, - "date": "2026-03-09" + "epss": 0.00132, + "percentile": 0.32612, + "date": "2026-03-16" } ], "cwes": [ @@ -767,7 +767,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6133-1" } ], - "risk": 0.093725 + "risk": 0.10758000000000001 }, "relatedVulnerabilities": [ { @@ -796,9 +796,9 @@ "epss": [ { "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30109, - "date": "2026-03-09" + "epss": 0.00132, + "percentile": 0.32612, + "date": "2026-03-16" } ], "cwes": [ @@ -875,9 +875,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82337, - "date": "2026-03-09" + "epss": 0.01912, + "percentile": 0.83113, + "date": "2026-03-16" } ], "fix": { @@ -885,7 +885,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08785 + "risk": 0.09560000000000002 }, "relatedVulnerabilities": [ { @@ -929,9 +929,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82337, - "date": "2026-03-09" + "epss": 0.01912, + "percentile": 0.83113, + "date": "2026-03-16" } ] } @@ -998,8 +998,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80809, - "date": "2026-03-09" + "percentile": 0.80861, + "date": "2026-03-16" } ], "cwes": [ @@ -1061,8 +1061,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80809, - "date": "2026-03-09" + "percentile": 0.80861, + "date": "2026-03-16" } ], "cwes": [ @@ -1186,8 +1186,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1246,8 +1246,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1331,8 +1331,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1391,8 +1391,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1467,8 +1467,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1527,8 +1527,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1608,8 +1608,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1668,8 +1668,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1756,9 +1756,9 @@ "epss": [ { "cve": "CVE-2026-2006", - "epss": 0.00075, - "percentile": 0.22442, - "date": "2026-03-09" + "epss": 0.00087, + "percentile": 0.24841, + "date": "2026-03-16" } ], "cwes": [ @@ -1788,7 +1788,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6133-1" } ], - "risk": 0.061125000000000006 + "risk": 0.070905 }, "relatedVulnerabilities": [ { @@ -1817,9 +1817,9 @@ "epss": [ { "cve": "CVE-2026-2006", - "epss": 0.00075, - "percentile": 0.22442, - "date": "2026-03-09" + "epss": 0.00087, + "percentile": 0.24841, + "date": "2026-03-16" } ], "cwes": [ @@ -1909,9 +1909,9 @@ "epss": [ { "cve": "CVE-2026-2005", - "epss": 0.00066, - "percentile": 0.20179, - "date": "2026-03-09" + "epss": 0.00076, + "percentile": 0.22508, + "date": "2026-03-16" } ], "cwes": [ @@ -1941,7 +1941,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6133-1" } ], - "risk": 0.053790000000000004 + "risk": 0.06194000000000001 }, "relatedVulnerabilities": [ { @@ -1970,9 +1970,9 @@ "epss": [ { "cve": "CVE-2026-2005", - "epss": 0.00066, - "percentile": 0.20179, - "date": "2026-03-09" + "epss": 0.00076, + "percentile": 0.22508, + "date": "2026-03-16" } ], "cwes": [ @@ -2039,21 +2039,21 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:13", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2061,77 +2061,55 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-12818", + "epss": 0.00096, + "percentile": 0.26549, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { "versions": [ - "3.5.4-1~deb13u2" + "17.7-0+deb13u1" ], "state": "fixed", "available": [ { - "version": "3.5.4-1~deb13u2", - "date": "2026-01-27", - "kind": "advisory" + "version": "17.7-0+deb13u1", + "date": "2026-01-19", + "kind": "first-observed" } ] }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.048749999999999995 + "advisories": [], + "risk": 0.052320000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2139,17 +2117,17 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-12818", + "epss": 0.00096, + "percentile": 0.26549, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ] @@ -2165,103 +2143,82 @@ "version": "13" }, "package": { - "name": "openssl", - "version": "3.5.4-1~deb13u1" + "name": "postgresql-17", + "version": "17.6-0+deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "< 17.7-0+deb13u1 (deb)" }, "fix": { - "suggestedVersion": "3.5.4-1~deb13u2" + "suggestedVersion": "17.7-0+deb13u1" } } ], "artifact": { - "id": "cd60076a5535e1af", - "name": "libssl3t64", - "version": "3.5.4-1~deb13u1", + "id": "4876b68eb369aa41", + "name": "libpq5", + "version": "17.6-0+deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3t64", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3t64/copyright", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/usr/share/doc/libssl3t64/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:17.6-0\\+deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "purl": "pkg:deb/debian/libpq5@17.6-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17", "upstreams": [ { - "name": "openssl" + "name": "postgresql-17" } ] } }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", + "id": "CVE-2025-69421", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", "namespace": "debian:distro:debian:13", "severity": "High", "urls": [], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -2285,49 +2242,61 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.045445 + "risk": 0.048749999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -2350,7 +2319,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-69419", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" }, "fix": { @@ -2432,9 +2401,9 @@ "epss": [ { "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" } ], "cwes": [ @@ -2450,7 +2419,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.044250000000000005 + "risk": 0.0465 }, "relatedVulnerabilities": [ { @@ -2482,9 +2451,9 @@ "epss": [ { "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" } ], "cwes": [ @@ -2549,41 +2518,220 @@ }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2025-69419", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", - "cvss": [], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.0086, - "percentile": 0.74743, - "date": "2026-03-09" + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.043000000000000003 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", - "namespace": "nvd:cpe", + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.045445 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.1884, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "openssl", + "version": "3.5.4-1~deb13u1" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" + } + } + ], + "artifact": { + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3t64", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74804, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.043000000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "namespace": "nvd:cpe", "severity": "High", "urls": [ "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", @@ -2620,8 +2768,8 @@ { "cve": "CVE-2019-9192", "epss": 0.0086, - "percentile": 0.74743, - "date": "2026-03-09" + "percentile": 0.74804, + "date": "2026-03-16" } ], "cwes": [ @@ -2745,8 +2893,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00856, - "percentile": 0.74696, - "date": "2026-03-09" + "percentile": 0.74757, + "date": "2026-03-16" } ], "cwes": [ @@ -2808,8 +2956,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00856, - "percentile": 0.74696, - "date": "2026-03-09" + "percentile": 0.74757, + "date": "2026-03-16" } ], "cwes": [ @@ -2922,21 +3070,21 @@ }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "namespace": "debian:distro:debian:13", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2944,55 +3092,56 @@ ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22241, - "date": "2026-03-09" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { "versions": [ - "17.7-0+deb13u1" + "2.41-12+deb13u2" ], "state": "fixed", "available": [ { - "version": "17.7-0+deb13u1", - "date": "2026-01-19", + "version": "2.41-12+deb13u2", + "date": "2026-03-16", "kind": "first-observed" } ] }, "advisories": [], - "risk": 0.040330000000000005 + "risk": 0.039749999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3000,17 +3149,17 @@ ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22241, - "date": "2026-03-09" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -3026,167 +3175,30 @@ "version": "13" }, "package": { - "name": "postgresql-17", - "version": "17.6-0+deb13u1" + "name": "glibc", + "version": "2.41-12" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "< 17.7-0+deb13u1 (deb)" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 2.41-12+deb13u2 (deb)" }, "fix": { - "suggestedVersion": "17.7-0+deb13u1" + "suggestedVersion": "2.41-12+deb13u2" } } ], "artifact": { - "id": "4876b68eb369aa41", - "name": "libpq5", - "version": "17.6-0+deb13u1", + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libpq5", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libpq5:libpq5:17.6-0\\+deb13u1:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libpq5@17.6-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17", - "upstreams": [ - { - "name": "postgresql-17" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", - "namespace": "debian:distro:debian:13", - "severity": "High", - "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.039749999999999994 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "glibc", - "version": "2.41-12" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } @@ -3280,8 +3292,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -3346,8 +3358,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -3461,8 +3473,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ @@ -3554,8 +3566,8 @@ { "cve": "CVE-2025-66199", "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ @@ -3614,8 +3626,8 @@ { "cve": "CVE-2025-66199", "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ @@ -3703,91 +3715,96 @@ }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Low", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70355, - "date": "2026-03-09" + "cve": "CVE-2025-12817", + "epss": 0.0011, + "percentile": 0.29293, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "17.7-0+deb13u1" + ], + "state": "fixed", + "available": [ + { + "version": "17.7-0+deb13u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0323 + "risk": 0.03355 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70355, - "date": "2026-03-09" + "cve": "CVE-2025-12817", + "epss": 0.0011, + "percentile": 0.29293, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -3802,38 +3819,181 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "postgresql-17", + "version": "17.6-0+deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12817", + "versionConstraint": "< 17.7-0+deb13u1 (deb)" + }, + "fix": { + "suggestedVersion": "17.7-0+deb13u1" } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", + "id": "4876b68eb369aa41", + "name": "libpq5", + "version": "17.6-0+deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libpq5:libpq5:17.6-0\\+deb13u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libpq5@17.6-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17", + "upstreams": [ + { + "name": "postgresql-17" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70426, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0323 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" + ], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70426, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "glibc", + "version": "2.41-12" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010024", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } }, { "path": "/var/lib/dpkg/status.d/libc6.md5sums", @@ -3892,21 +4052,21 @@ }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15468", + "id": "CVE-2026-1965", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-1965", "namespace": "debian:distro:debian:13", "severity": "Medium", "urls": [], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service. Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported. As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity. The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support. The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue. OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion must first be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. One underlying reason being that Negotiate sometimes authenticates *connections* and not *requests*, contrary to how HTTP is designed to work. An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with `user1:password1` and then does another operation to the same server also using Negotiate but with `user2:password2` (while the previous connection is still alive) - the second request wrongly reused the same connection and since it then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1... The set of authentication methods to use is set with `CURLOPT_HTTPAUTH`. Applications can disable libcurl's reuse of connections and thus mitigate this problem, by using one of the following libcurl options to alter how connections are or are not reused: `CURLOPT_FRESH_CONNECT`, `CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the curl_multi API).", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3914,59 +4074,47 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "3.5.4-1~deb13u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.5.4-1~deb13u2", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.02834 + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3974,17 +4122,17 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4000,220 +4148,112 @@ "version": "13" }, "package": { - "name": "openssl", - "version": "3.5.4-1~deb13u1" + "name": "curl", + "version": "8.14.1-2+deb13u2" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.5.4-1~deb13u2" + "vulnerabilityID": "CVE-2026-1965", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cd60076a5535e1af", - "name": "libssl3t64", - "version": "3.5.4-1~deb13u1", + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3t64", + "path": "/var/lib/dpkg/status.d/libcurl4t64", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3t64/copyright", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/usr/share/doc/libssl3t64/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", "upstreams": [ { - "name": "openssl" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2026-3805", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3805", + "namespace": "debian:distro:debian:13", + "severity": "High", + "urls": [], + "description": "When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", + "cve": "CVE-2026-3805", + "cwe": "CWE-416", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.2.1" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "6601a8043e1f952a", - "name": "fluent-bit", - "version": "4.2.1", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:4bfa078bccadedc78bb2a8e41a4c748239725e254bf1f1bf6c590ba55a7dbd96", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.2.1", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.0055, - "percentile": 0.67585, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-385", - "source": "secalert@redhat.com", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0275 + "risk": 0.03075 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4221,25 +4261,25 @@ ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.0055, - "percentile": 0.67585, - "date": "2026-03-09" + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-385", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4247,27 +4287,27 @@ "version": "13" }, "package": { - "name": "libgcrypt20", - "version": "1.11.0-7" + "name": "curl", + "version": "8.14.1-2+deb13u2" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-2236", + "vulnerabilityID": "CVE-2026-3805", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5826072934743d2f", - "name": "libgcrypt20", - "version": "1.11.0-7", + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libcurl4t64", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", "annotations": { "evidence": "primary" } @@ -4276,104 +4316,119 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2025-15468", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15468", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service. Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported. As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity. The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support. The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue. OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66224, - "date": "2026-03-09" + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.025750000000000002 + "risk": 0.02834 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66224, - "date": "2026-03-09" + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4381,15 +4436,262 @@ "version": "13" }, "package": { - "name": "libgcrypt20", - "version": "1.11.0-7" + "name": "openssl", + "version": "3.5.4-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2018-6829", - "versionConstraint": "none (unknown)" - } + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" + } + } + ], + "artifact": { + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3t64", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.2.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "6601a8043e1f952a", + "name": "fluent-bit", + "version": "4.2.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:4bfa078bccadedc78bb2a8e41a4c748239725e254bf1f1bf6c590ba55a7dbd96", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.2.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67658, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0275 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67658, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "libgcrypt20", + "version": "1.11.0-7" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } } ], "artifact": { @@ -4441,9 +4743,9 @@ "epss": [ { "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.14888, - "date": "2026-03-09" + "epss": 0.00056, + "percentile": 0.17356, + "date": "2026-03-16" } ], "cwes": [ @@ -4473,7 +4775,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6133-1" } ], - "risk": 0.022785 + "risk": 0.026039999999999994 }, "relatedVulnerabilities": [ { @@ -4502,9 +4804,9 @@ "epss": [ { "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.14888, - "date": "2026-03-09" + "epss": 0.00056, + "percentile": 0.17356, + "date": "2026-03-16" } ], "cwes": [ @@ -4571,21 +4873,155 @@ }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:13", - "severity": "Low", + "severity": "Negligible", "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "cvss": [], + "epss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.6631, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.025750000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" + ], + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.6631, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "libgcrypt20", + "version": "1.11.0-7" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2018-6829", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5826072934743d2f", + "name": "libgcrypt20", + "version": "1.11.0-7", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14831", + "namespace": "debian:distro:debian:13", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4593,55 +5029,65 @@ ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20185, - "date": "2026-03-09" + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "17.7-0+deb13u1" + "3.8.9-3+deb13u2" ], "state": "fixed", "available": [ { - "version": "17.7-0+deb13u1", - "date": "2026-01-19", - "kind": "first-observed" + "version": "3.8.9-3+deb13u2", + "date": "2026-02-18", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.02013 + "advisories": [ + { + "id": "DSA-6140-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" + } + ], + "risk": 0.023175 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4649,17 +5095,17 @@ ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20185, - "date": "2026-03-09" + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4675,30 +5121,30 @@ "version": "13" }, "package": { - "name": "postgresql-17", - "version": "17.6-0+deb13u1" + "name": "gnutls28", + "version": "3.8.9-3" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "< 17.7-0+deb13u1 (deb)" + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 3.8.9-3+deb13u2 (deb)" }, "fix": { - "suggestedVersion": "17.7-0+deb13u1" + "suggestedVersion": "3.8.9-3+deb13u2" } } ], "artifact": { - "id": "4876b68eb369aa41", - "name": "libpq5", - "version": "17.6-0+deb13u1", + "id": "0e0d3baf82fb14d6", + "name": "libgnutls30t64", + "version": "3.8.9-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libgnutls30t64", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64", "annotations": { "evidence": "primary" } @@ -4707,12 +5153,12 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:17.6-0\\+deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@17.6-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17", + "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=amd64&distro=debian-13&upstream=gnutls28", "upstreams": [ { - "name": "postgresql-17" + "name": "gnutls28" } ] } @@ -4743,8 +5189,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00039, - "percentile": 0.11553, - "date": "2026-03-09" + "percentile": 0.11565, + "date": "2026-03-16" } ], "cwes": [ @@ -4792,8 +5238,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00039, - "percentile": 0.11553, - "date": "2026-03-09" + "percentile": 0.11565, + "date": "2026-03-16" } ], "cwes": [ @@ -4868,8 +5314,8 @@ { "cve": "CVE-2010-4756", "epss": 0.00394, - "percentile": 0.59883, - "date": "2026-03-09" + "percentile": 0.59944, + "date": "2026-03-16" } ], "cwes": [ @@ -4920,8 +5366,8 @@ { "cve": "CVE-2010-4756", "epss": 0.00394, - "percentile": 0.59883, - "date": "2026-03-09" + "percentile": 0.59944, + "date": "2026-03-16" } ], "cwes": [ @@ -5034,174 +5480,19 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14831", + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "namespace": "debian:distro:debian:13", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "3.8.9-3+deb13u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.8.9-3+deb13u2", - "date": "2026-02-18", - "kind": "advisory" - } - ] - }, - "advisories": [ - { - "id": "DSA-6140-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" - } - ], - "risk": 0.019055 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" - ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "gnutls28", - "version": "3.8.9-3" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2025-14831", - "versionConstraint": "< 3.8.9-3+deb13u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.8.9-3+deb13u2" - } - } - ], - "artifact": { - "id": "0e0d3baf82fb14d6", - "name": "libgnutls30t64", - "version": "3.8.9-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgnutls30t64", - "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=amd64&distro=debian-13&upstream=gnutls28", - "upstreams": [ - { - "name": "gnutls28" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54089, - "date": "2026-03-09" + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-03-16" } ], "fix": { @@ -5267,8 +5558,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00313, - "percentile": 0.54089, - "date": "2026-03-09" + "percentile": 0.54168, + "date": "2026-03-16" } ] } @@ -5361,100 +5652,679 @@ "public-domain" ], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14524", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "namespace": "debian:distro:debian:13", + "severity": "Medium", + "urls": [], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.0003, + "percentile": 0.08206, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.015449999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14524", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14524.html", + "https://curl.se/docs/CVE-2025-14524.json", + "https://hackerone.com/reports/3459417", + "http://www.openwall.com/lists/oss-security/2026/01/07/4" + ], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.0003, + "percentile": 0.08206, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "curl", + "version": "8.14.1-2+deb13u2" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-14524", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4t64", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", + "namespace": "debian:distro:debian:13", + "severity": "High", + "urls": [], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "2.41-12+deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "2.41-12+deb13u2", + "date": "2026-03-16", + "kind": "first-observed" + } + ] + }, + "advisories": [], + "risk": 0.014249999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "glibc", + "version": "2.41-12" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 2.41-12+deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "2.41-12+deb13u2" + } + } + ], + "artifact": { + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" + ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "krb5", + "version": "1.21.3-5" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b6ee860d702b8084", + "name": "libgssapi-krb5-2", + "version": "1.21.3-5", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" + ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "krb5", + "version": "1.21.3-5" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "52ef833c1503e21a", + "name": "libk5crypto3", + "version": "1.21.3-5", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libk5crypto3", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-14524", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:13", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.015449999999999998 + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14524", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14524.html", - "https://curl.se/docs/CVE-2025-14524.json", - "https://hackerone.com/reports/3459417", - "http://www.openwall.com/lists/oss-security/2026/01/07/4" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } @@ -5471,27 +6341,27 @@ "version": "13" }, "package": { - "name": "curl", - "version": "8.14.1-2+deb13u2" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-14524", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2c9e2faa683beba2", - "name": "libcurl4t64", - "version": "8.14.1-2+deb13u2", + "id": "d4c94f2fc66f3184", + "name": "libkrb5-3", + "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4t64", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -5500,100 +6370,92 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:13", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.014249999999999999 + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5608,90 +6470,41 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", + "id": "56fc39be304d53f0", + "name": "libkrb5support0", + "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libkrb5support0", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "BSD-2-clause", - "BSD-3-clause-Berkeley", - "BSD-3-clause-Carnegie", - "BSD-3-clause-Oracle", - "BSD-3-clause-WIDE", - "BSD-like-Spencer", - "BSL-1.0", - "CORE-MATH", - "Carnegie", - "DEC", - "FSFAP", - "GPL-2", - "GPL-2+", - "GPL-2+-with-link-exception", - "GPL-3", - "GPL-3+", - "IBM", - "ISC", - "Inner-Net", - "LGPL-2", - "LGPL-2+", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1+-with-link-exception", - "LGPL-3", - "LGPL-3+", - "MIT-like-Lord", - "PCRE", - "SunPro", - "Unicode-DFS-2016", - "Univ-Coimbra", - "public-domain" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } @@ -5709,8 +6522,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43824, - "date": "2026-03-09" + "percentile": 0.43875, + "date": "2026-03-16" } ], "cwes": [ @@ -5774,8 +6587,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43824, - "date": "2026-03-09" + "percentile": 0.43875, + "date": "2026-03-16" } ], "cwes": [ @@ -5839,74 +6652,88 @@ }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4105", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0103 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -5922,27 +6749,27 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "systemd", + "version": "257.9-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b6ee860d702b8084", - "name": "libgssapi-krb5-2", - "version": "1.21.3-5", + "id": "4f3b916d8498c51d", + "name": "libsystemd0", + "version": "257.9-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -5951,95 +6778,100 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd", "upstreams": [ { - "name": "krb5" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4105", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0103 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -6047,7 +6879,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -6055,27 +6887,27 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "systemd", + "version": "257.9-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "52ef833c1503e21a", - "name": "libk5crypto3", - "version": "1.21.3-5", + "id": "8105926f22d394d9", + "name": "systemd", + "version": "257.9-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "annotations": { "evidence": "primary" } @@ -6084,87 +6916,248 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/systemd@257.9-1~deb13u1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-2673", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2673", + "namespace": "debian:distro:debian:13", + "severity": "Unknown", + "urls": [], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. If an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to interpolate the built-in default group list into its own configuration, perhaps adding or removing specific elements, then an implementation defect causes the 'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups were treated as a single sufficiently secure 'tuple', with the server not sending a Hello Retry Request (HRR) even when a group in a more preferred tuple was mutually supported. As a result, the client and server might fail to negotiate a mutually supported post-quantum key agreement group, such as 'X25519MLKEM768', if the client's configuration results in only 'classical' groups (such as 'X25519' being the only ones in the client's initial keyshare prediction). OpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS 1.3 key agreement group on TLS servers. The old syntax had a single 'flat' list of groups, and treated all the supported groups as sufficiently secure. If any of the keyshares predicted by the client were supported by the server the most preferred among these was selected, even if other groups supported by the client, but not included in the list of predicted keyshares would have been more preferred, if included. The new syntax partitions the groups into distinct 'tuples' of roughly equivalent security. Within each tuple the most preferred group included among the client's predicted keyshares is chosen, but if the client supports a group from a more preferred tuple, but did not predict any corresponding keyshares, the server will ask the client to retry the ClientHello (by issuing a Hello Retry Request or HRR) with the most preferred mutually supported group. The above works as expected when the server's configuration uses the built-in default group list, or explicitly defines its own list by directly defining the various desired groups and group 'tuples'. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary. OpenSSL 3.6 and 3.5 are vulnerable to this issue. OpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released. OpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released. OpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.01 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "namespace": "nvd:cpe", + "severity": "Unknown", + "urls": [ + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" + ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "openssl", + "version": "3.5.4-1~deb13u1" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3t64", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", "upstreams": [ { - "name": "krb5" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-22795", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0103 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.008925 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6179,121 +7172,155 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "openssl", + "version": "3.5.4-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26458", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" } } ], "artifact": { - "id": "d4c94f2fc66f3184", - "name": "libkrb5-3", - "version": "1.21.3-5", + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libssl3t64", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", "upstreams": [ { - "name": "krb5" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-3784", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3784", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0103 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 6.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6308,27 +7335,27 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "curl", + "version": "8.14.1-2+deb13u2" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "56fc39be304d53f0", - "name": "libkrb5support0", - "version": "1.21.3-5", + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libcurl4t64", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", "annotations": { "evidence": "primary" } @@ -6337,117 +7364,101 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", + "id": "CVE-2026-3783", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3783", "namespace": "debian:distro:debian:13", "severity": "Medium", "urls": [], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "3.5.4-1~deb13u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.5.4-1~deb13u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.008925 + "advisories": [], + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -6463,65 +7474,41 @@ "version": "13" }, "package": { - "name": "openssl", - "version": "3.5.4-1~deb13u1" + "name": "curl", + "version": "8.14.1-2+deb13u2" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.5.4-1~deb13u2" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cd60076a5535e1af", - "name": "libssl3t64", - "version": "3.5.4-1~deb13u1", + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3t64", + "path": "/var/lib/dpkg/status.d/libcurl4t64", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3t64/copyright", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/usr/share/doc/libssl3t64/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", "upstreams": [ { - "name": "openssl" + "name": "curl" } ] } @@ -6539,8 +7526,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6606,8 +7593,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6688,8 +7675,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6755,8 +7742,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6846,8 +7833,8 @@ { "cve": "CVE-2025-68160", "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ @@ -6912,8 +7899,8 @@ { "cve": "CVE-2025-68160", "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ @@ -7025,8 +8012,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -7090,8 +8077,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -7196,8 +8183,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3258, - "date": "2026-03-09" + "percentile": 0.32482, + "date": "2026-03-16" } ], "cwes": [ @@ -7258,8 +8245,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3258, - "date": "2026-03-09" + "percentile": 0.32482, + "date": "2026-03-16" } ], "cwes": [ @@ -7396,8 +8383,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -7409,8 +8396,17 @@ } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "2.41-12+deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "2.41-12+deb13u2", + "date": "2026-03-16", + "kind": "first-observed" + } + ] }, "advisories": [], "risk": 0.006360000000000001 @@ -7426,34 +8422,239 @@ "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00659, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "glibc", + "version": "2.41-12" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 2.41-12+deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "2.41-12+deb13u2" + } + } + ], + "artifact": { + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", + "namespace": "debian:distro:debian:13", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.8.9-3+deb13u1" + ], + "state": "fixed", + "available": [ + { + "version": "3.8.9-3+deb13u1", + "date": "2026-01-11", + "kind": "first-observed" + } + ] + }, + "advisories": [], + "risk": 0.0063 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.9 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7469,90 +8670,44 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "gnutls28", + "version": "3.8.9-3" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 3.8.9-3+deb13u1 (deb)" + }, + "fix": { + "suggestedVersion": "3.8.9-3+deb13u1" } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", + "id": "0e0d3baf82fb14d6", + "name": "libgnutls30t64", + "version": "3.8.9-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgnutls30t64", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "BSD-2-clause", - "BSD-3-clause-Berkeley", - "BSD-3-clause-Carnegie", - "BSD-3-clause-Oracle", - "BSD-3-clause-WIDE", - "BSD-like-Spencer", - "BSL-1.0", - "CORE-MATH", - "Carnegie", - "DEC", - "FSFAP", - "GPL-2", - "GPL-2+", - "GPL-2+-with-link-exception", - "GPL-3", - "GPL-3+", - "IBM", - "ISC", - "Inner-Net", - "LGPL-2", - "LGPL-2+", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1+-with-link-exception", - "LGPL-3", - "LGPL-3+", - "MIT-like-Lord", - "PCRE", - "SunPro", - "Unicode-DFS-2016", - "Univ-Coimbra", - "public-domain" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=amd64&distro=debian-13&upstream=gnutls28", "upstreams": [ { - "name": "glibc" + "name": "gnutls28" } ] } @@ -7570,8 +8725,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7620,8 +8775,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7696,8 +8851,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7746,8 +8901,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7818,8 +8973,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -7868,8 +9023,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -7944,8 +9099,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -7994,8 +9149,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -8053,160 +9208,6 @@ "upstreams": [] } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", - "namespace": "debian:distro:debian:13", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "3.8.9-3+deb13u1" - ], - "state": "fixed", - "available": [ - { - "version": "3.8.9-3+deb13u1", - "date": "2026-01-11", - "kind": "first-observed" - } - ] - }, - "advisories": [], - "risk": 0.00495 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "gnutls28", - "version": "3.8.9-3" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "< 3.8.9-3+deb13u1 (deb)" - }, - "fix": { - "suggestedVersion": "3.8.9-3+deb13u1" - } - } - ], - "artifact": { - "id": "0e0d3baf82fb14d6", - "name": "libgnutls30t64", - "version": "3.8.9-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgnutls30t64", - "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=amd64&distro=debian-13&upstream=gnutls28", - "upstreams": [ - { - "name": "gnutls28" - } - ] - } - }, { "vulnerability": { "id": "CVE-2017-14159", @@ -8220,8 +9221,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00092, - "percentile": 0.25756, - "date": "2026-03-09" + "percentile": 0.25729, + "date": "2026-03-16" } ], "cwes": [ @@ -8280,8 +9281,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00092, - "percentile": 0.25756, - "date": "2026-03-09" + "percentile": 0.25729, + "date": "2026-03-16" } ], "cwes": [ @@ -8369,8 +9370,8 @@ { "cve": "CVE-2025-13034", "epss": 0.00008, - "percentile": 0.00651, - "date": "2026-03-09" + "percentile": 0.00648, + "date": "2026-03-16" } ], "cwes": [ @@ -8417,8 +9418,8 @@ { "cve": "CVE-2025-13034", "epss": 0.00008, - "percentile": 0.00651, - "date": "2026-03-09" + "percentile": 0.00648, + "date": "2026-03-16" } ], "cwes": [ @@ -8493,8 +9494,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8541,8 +9542,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8626,8 +9627,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8674,8 +9675,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8750,8 +9751,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8798,8 +9799,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8879,8 +9880,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8927,8 +9928,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -9003,8 +10004,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00072, - "percentile": 0.21754, - "date": "2026-03-09" + "percentile": 0.21722, + "date": "2026-03-16" } ], "cwes": [ @@ -9053,8 +10054,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00072, - "percentile": 0.21754, - "date": "2026-03-09" + "percentile": 0.21722, + "date": "2026-03-16" } ], "cwes": [ @@ -9142,8 +10143,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -9205,8 +10206,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -9313,8 +10314,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -9371,8 +10372,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -9484,8 +10485,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -9550,8 +10551,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -9650,8 +10651,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -9717,8 +10718,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -9799,8 +10800,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -9866,8 +10867,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -9944,8 +10945,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "percentile": 0.08352, + "date": "2026-03-16" } ], "cwes": [ @@ -9994,8 +10995,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "percentile": 0.08352, + "date": "2026-03-16" } ], "cwes": [ @@ -10069,9 +11070,9 @@ "epss": [ { "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ @@ -10093,7 +11094,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.001 + "risk": 0.0010500000000000002 }, "relatedVulnerabilities": [ { @@ -10124,9 +11125,9 @@ "epss": [ { "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ @@ -10207,8 +11208,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00018, - "percentile": 0.04357, - "date": "2026-03-09" + "percentile": 0.0432, + "date": "2026-03-16" } ], "fix": { @@ -10250,8 +11251,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00018, - "percentile": 0.04357, - "date": "2026-03-09" + "percentile": 0.0432, + "date": "2026-03-16" } ] } @@ -10318,8 +11319,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -10367,8 +11368,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -10768,107 +11769,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/oss/grype-4.2.1.md b/docs/security/oss/grype-4.2.1.md index f311dfb..fd7ee7d 100644 --- a/docs/security/oss/grype-4.2.1.md +++ b/docs/security/oss/grype-4.2.1.md @@ -11,22 +11,28 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libpq5 | 17.6-0+deb13u1 | [CVE-2026-2006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2006) | High | | libpq5 | 17.6-0+deb13u1 | [CVE-2026-2005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2005) | High | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | High | -| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | | libtasn1-6 | 4.20.0-2 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | +| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | | libc6 | 2.41-12 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | High | | libc6 | 2.41-12 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | | libc6 | 2.41-12 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libpq5 | 17.6-0+deb13u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Medium | | fluent-bit | 4.2.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Medium | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Medium | | fluent-bit | 4.2.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libpq5 | 17.6-0+deb13u1 | [CVE-2026-2003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2003) | Medium | -| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | libgnutls30t64 | 3.8.9-3 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | +| libsystemd0 | 257.9-1~deb13u1 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd | 257.9-1~deb13u1 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Medium | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Medium | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | libgnutls30t64 | 3.8.9-3 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Medium | @@ -50,11 +56,11 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libgcrypt20 | 1.11.0-7 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.41-12 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.41-12 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libldap2 | 2.6.10+dfsg-1 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.21.3-5 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.21.3-5 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.21.3-5 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.21.3-5 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | +| libldap2 | 2.6.10+dfsg-1 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libsystemd0 | 257.9-1~deb13u1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 257.9-1~deb13u1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | libc6 | 2.41-12 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | @@ -74,3 +80,4 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap2 | 2.6.10+dfsg-1 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible | +| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Unknown | diff --git a/docs/security/oss/grype-4.2.2.json b/docs/security/oss/grype-4.2.2.json index 0f3a0cd..33498b5 100644 --- a/docs/security/oss/grype-4.2.2.json +++ b/docs/security/oss/grype-4.2.2.json @@ -26,8 +26,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -94,8 +94,8 @@ { "cve": "CVE-2025-15467", "epss": 0.0101, - "percentile": 0.7681, - "date": "2026-03-09" + "percentile": 0.76879, + "date": "2026-03-16" } ], "cwes": [ @@ -194,8 +194,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87877, - "date": "2026-03-09" + "percentile": 0.87925, + "date": "2026-03-16" } ], "cwes": [ @@ -329,8 +329,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87877, - "date": "2026-03-09" + "percentile": 0.87925, + "date": "2026-03-16" } ], "cwes": [ @@ -418,8 +418,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -484,8 +484,8 @@ { "cve": "CVE-2025-69420", "epss": 0.00199, - "percentile": 0.41813, - "date": "2026-03-09" + "percentile": 0.41829, + "date": "2026-03-16" } ], "cwes": [ @@ -584,8 +584,8 @@ { "cve": "CVE-2017-17740", "epss": 0.02871, - "percentile": 0.86062, - "date": "2026-03-09" + "percentile": 0.86102, + "date": "2026-03-16" } ], "cwes": [ @@ -647,8 +647,8 @@ { "cve": "CVE-2017-17740", "epss": 0.02871, - "percentile": 0.86062, - "date": "2026-03-09" + "percentile": 0.86102, + "date": "2026-03-16" } ], "cwes": [ @@ -735,9 +735,9 @@ "epss": [ { "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30109, - "date": "2026-03-09" + "epss": 0.00132, + "percentile": 0.32612, + "date": "2026-03-16" } ], "cwes": [ @@ -767,7 +767,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6133-1" } ], - "risk": 0.093725 + "risk": 0.10758000000000001 }, "relatedVulnerabilities": [ { @@ -796,9 +796,9 @@ "epss": [ { "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30109, - "date": "2026-03-09" + "epss": 0.00132, + "percentile": 0.32612, + "date": "2026-03-16" } ], "cwes": [ @@ -875,9 +875,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82337, - "date": "2026-03-09" + "epss": 0.01912, + "percentile": 0.83113, + "date": "2026-03-16" } ], "fix": { @@ -885,7 +885,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08785 + "risk": 0.09560000000000002 }, "relatedVulnerabilities": [ { @@ -929,9 +929,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82337, - "date": "2026-03-09" + "epss": 0.01912, + "percentile": 0.83113, + "date": "2026-03-16" } ] } @@ -998,8 +998,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80809, - "date": "2026-03-09" + "percentile": 0.80861, + "date": "2026-03-16" } ], "cwes": [ @@ -1061,8 +1061,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80809, - "date": "2026-03-09" + "percentile": 0.80861, + "date": "2026-03-16" } ], "cwes": [ @@ -1186,8 +1186,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1246,8 +1246,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1331,8 +1331,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1391,8 +1391,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1467,8 +1467,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1527,8 +1527,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1608,8 +1608,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1668,8 +1668,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80765, - "date": "2026-03-09" + "percentile": 0.80819, + "date": "2026-03-16" } ], "cwes": [ @@ -1756,9 +1756,9 @@ "epss": [ { "cve": "CVE-2026-2006", - "epss": 0.00075, - "percentile": 0.22442, - "date": "2026-03-09" + "epss": 0.00087, + "percentile": 0.24841, + "date": "2026-03-16" } ], "cwes": [ @@ -1788,7 +1788,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6133-1" } ], - "risk": 0.061125000000000006 + "risk": 0.070905 }, "relatedVulnerabilities": [ { @@ -1817,9 +1817,9 @@ "epss": [ { "cve": "CVE-2026-2006", - "epss": 0.00075, - "percentile": 0.22442, - "date": "2026-03-09" + "epss": 0.00087, + "percentile": 0.24841, + "date": "2026-03-16" } ], "cwes": [ @@ -1909,9 +1909,9 @@ "epss": [ { "cve": "CVE-2026-2005", - "epss": 0.00066, - "percentile": 0.20179, - "date": "2026-03-09" + "epss": 0.00076, + "percentile": 0.22508, + "date": "2026-03-16" } ], "cwes": [ @@ -1941,7 +1941,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6133-1" } ], - "risk": 0.053790000000000004 + "risk": 0.06194000000000001 }, "relatedVulnerabilities": [ { @@ -1970,9 +1970,9 @@ "epss": [ { "cve": "CVE-2026-2005", - "epss": 0.00066, - "percentile": 0.20179, - "date": "2026-03-09" + "epss": 0.00076, + "percentile": 0.22508, + "date": "2026-03-16" } ], "cwes": [ @@ -2039,21 +2039,21 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:13", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2061,77 +2061,55 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-12818", + "epss": 0.00096, + "percentile": 0.26549, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { "versions": [ - "3.5.4-1~deb13u2" + "17.7-0+deb13u1" ], "state": "fixed", "available": [ { - "version": "3.5.4-1~deb13u2", - "date": "2026-01-27", - "kind": "advisory" + "version": "17.7-0+deb13u1", + "date": "2026-01-19", + "kind": "first-observed" } ] }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.048749999999999995 + "advisories": [], + "risk": 0.052320000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2139,17 +2117,17 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00065, - "percentile": 0.19862, - "date": "2026-03-09" + "cve": "CVE-2025-12818", + "epss": 0.00096, + "percentile": 0.26549, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ] @@ -2165,103 +2143,82 @@ "version": "13" }, "package": { - "name": "openssl", - "version": "3.5.4-1~deb13u1" + "name": "postgresql-17", + "version": "17.6-0+deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "< 17.7-0+deb13u1 (deb)" }, "fix": { - "suggestedVersion": "3.5.4-1~deb13u2" + "suggestedVersion": "17.7-0+deb13u1" } } ], "artifact": { - "id": "cd60076a5535e1af", - "name": "libssl3t64", - "version": "3.5.4-1~deb13u1", + "id": "4876b68eb369aa41", + "name": "libpq5", + "version": "17.6-0+deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3t64", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3t64/copyright", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/usr/share/doc/libssl3t64/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:17.6-0\\+deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "purl": "pkg:deb/debian/libpq5@17.6-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17", "upstreams": [ { - "name": "openssl" + "name": "postgresql-17" } ] } }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", + "id": "CVE-2025-69421", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", "namespace": "debian:distro:debian:13", "severity": "High", "urls": [], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -2285,49 +2242,61 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.045445 + "risk": 0.048749999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00061, - "percentile": 0.18856, - "date": "2026-03-09" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.1984, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -2350,7 +2319,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-69419", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" }, "fix": { @@ -2432,9 +2401,9 @@ "epss": [ { "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" } ], "cwes": [ @@ -2450,7 +2419,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.044250000000000005 + "risk": 0.0465 }, "relatedVulnerabilities": [ { @@ -2482,9 +2451,9 @@ "epss": [ { "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18364, - "date": "2026-03-09" + "epss": 0.00062, + "percentile": 0.19134, + "date": "2026-03-16" } ], "cwes": [ @@ -2549,41 +2518,220 @@ }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2025-69419", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", - "cvss": [], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.0086, - "percentile": 0.74743, - "date": "2026-03-09" + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.1884, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.043000000000000003 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", - "namespace": "nvd:cpe", + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.045445 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.1884, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "openssl", + "version": "3.5.4-1~deb13u1" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" + } + } + ], + "artifact": { + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3t64", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74804, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.043000000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "namespace": "nvd:cpe", "severity": "High", "urls": [ "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", @@ -2620,8 +2768,8 @@ { "cve": "CVE-2019-9192", "epss": 0.0086, - "percentile": 0.74743, - "date": "2026-03-09" + "percentile": 0.74804, + "date": "2026-03-16" } ], "cwes": [ @@ -2745,8 +2893,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00856, - "percentile": 0.74696, - "date": "2026-03-09" + "percentile": 0.74757, + "date": "2026-03-16" } ], "cwes": [ @@ -2808,8 +2956,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00856, - "percentile": 0.74696, - "date": "2026-03-09" + "percentile": 0.74757, + "date": "2026-03-16" } ], "cwes": [ @@ -2922,21 +3070,21 @@ }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "namespace": "debian:distro:debian:13", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2944,55 +3092,56 @@ ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22241, - "date": "2026-03-09" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { "versions": [ - "17.7-0+deb13u1" + "2.41-12+deb13u2" ], "state": "fixed", "available": [ { - "version": "17.7-0+deb13u1", - "date": "2026-01-19", + "version": "2.41-12+deb13u2", + "date": "2026-03-16", "kind": "first-observed" } ] }, "advisories": [], - "risk": 0.040330000000000005 + "risk": 0.039749999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3000,17 +3149,17 @@ ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22241, - "date": "2026-03-09" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16388, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -3026,167 +3175,30 @@ "version": "13" }, "package": { - "name": "postgresql-17", - "version": "17.6-0+deb13u1" + "name": "glibc", + "version": "2.41-12" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "< 17.7-0+deb13u1 (deb)" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 2.41-12+deb13u2 (deb)" }, "fix": { - "suggestedVersion": "17.7-0+deb13u1" + "suggestedVersion": "2.41-12+deb13u2" } } ], "artifact": { - "id": "4876b68eb369aa41", - "name": "libpq5", - "version": "17.6-0+deb13u1", + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libpq5", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libpq5:libpq5:17.6-0\\+deb13u1:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libpq5@17.6-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17", - "upstreams": [ - { - "name": "postgresql-17" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", - "namespace": "debian:distro:debian:13", - "severity": "High", - "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.039749999999999994 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16377, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "glibc", - "version": "2.41-12" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } @@ -3280,8 +3292,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -3346,8 +3358,8 @@ { "cve": "CVE-2026-22796", "epss": 0.00077, - "percentile": 0.22754, - "date": "2026-03-09" + "percentile": 0.22725, + "date": "2026-03-16" } ], "cwes": [ @@ -3461,8 +3473,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.21438, - "date": "2026-03-09" + "percentile": 0.21424, + "date": "2026-03-16" } ], "cwes": [ @@ -3554,8 +3566,8 @@ { "cve": "CVE-2025-66199", "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ @@ -3614,8 +3626,8 @@ { "cve": "CVE-2025-66199", "epss": 0.00064, - "percentile": 0.19756, - "date": "2026-03-09" + "percentile": 0.19722, + "date": "2026-03-16" } ], "cwes": [ @@ -3703,91 +3715,96 @@ }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Low", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70355, - "date": "2026-03-09" + "cve": "CVE-2025-12817", + "epss": 0.0011, + "percentile": 0.29293, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "17.7-0+deb13u1" + ], + "state": "fixed", + "available": [ + { + "version": "17.7-0+deb13u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0323 + "risk": 0.03355 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70355, - "date": "2026-03-09" + "cve": "CVE-2025-12817", + "epss": 0.0011, + "percentile": 0.29293, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -3802,38 +3819,181 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "postgresql-17", + "version": "17.6-0+deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12817", + "versionConstraint": "< 17.7-0+deb13u1 (deb)" + }, + "fix": { + "suggestedVersion": "17.7-0+deb13u1" } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", + "id": "4876b68eb369aa41", + "name": "libpq5", + "version": "17.6-0+deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libpq5:libpq5:17.6-0\\+deb13u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libpq5@17.6-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17", + "upstreams": [ + { + "name": "postgresql-17" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70426, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0323 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" + ], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70426, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "glibc", + "version": "2.41-12" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010024", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } }, { "path": "/var/lib/dpkg/status.d/libc6.md5sums", @@ -3892,21 +4052,21 @@ }, { "vulnerability": { - "id": "CVE-2025-15468", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15468", + "id": "CVE-2026-1965", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-1965", "namespace": "debian:distro:debian:13", "severity": "Medium", "urls": [], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service. Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported. As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity. The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support. The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue. OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion must first be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. One underlying reason being that Negotiate sometimes authenticates *connections* and not *requests*, contrary to how HTTP is designed to work. An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with `user1:password1` and then does another operation to the same server also using Negotiate but with `user2:password2` (while the previous connection is still alive) - the second request wrongly reused the same connection and since it then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1... The set of authentication methods to use is set with `CURLOPT_HTTPAUTH`. Applications can disable libcurl's reuse of connections and thus mitigate this problem, by using one of the following libcurl options to alter how connections are or are not reused: `CURLOPT_FRESH_CONNECT`, `CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the curl_multi API).", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3914,59 +4074,47 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "3.5.4-1~deb13u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.5.4-1~deb13u2", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.02834 + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15468", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "id": "CVE-2026-1965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", - "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", - "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", - "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json" ], - "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3974,17 +4122,17 @@ ], "epss": [ { - "cve": "CVE-2025-15468", - "epss": 0.00052, - "percentile": 0.15861, - "date": "2026-03-09" + "cve": "CVE-2026-1965", + "epss": 0.00054, + "percentile": 0.16488, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-15468", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-1965", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4000,220 +4148,112 @@ "version": "13" }, "package": { - "name": "openssl", - "version": "3.5.4-1~deb13u1" + "name": "curl", + "version": "8.14.1-2+deb13u2" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-15468", - "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.5.4-1~deb13u2" + "vulnerabilityID": "CVE-2026-1965", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cd60076a5535e1af", - "name": "libssl3t64", - "version": "3.5.4-1~deb13u1", + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3t64", + "path": "/var/lib/dpkg/status.d/libcurl4t64", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3t64/copyright", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/usr/share/doc/libssl3t64/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", "upstreams": [ { - "name": "openssl" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2026-3805", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3805", + "namespace": "debian:distro:debian:13", + "severity": "High", + "urls": [], + "description": "When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16375, - "date": "2026-03-09" + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", + "cve": "CVE-2026-3805", + "cwe": "CWE-416", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.2.2" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "4bf1f6f079d3164c", - "name": "fluent-bit", - "version": "4.2.2", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:389679d63ab333a8f66731ea1ca44c92298c8346f1b5fd0f859f38645c8af44d", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.2.2", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.0055, - "percentile": 0.67585, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-385", - "source": "secalert@redhat.com", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0275 + "risk": 0.03075 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2026-3805", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://hackerone.com/reports/3591944", + "http://www.openwall.com/lists/oss-security/2026/03/11/4" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4221,25 +4261,25 @@ ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.0055, - "percentile": 0.67585, - "date": "2026-03-09" + "cve": "CVE-2026-3805", + "epss": 0.00041, + "percentile": 0.12095, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-385", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-3805", + "cwe": "CWE-416", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4247,27 +4287,27 @@ "version": "13" }, "package": { - "name": "libgcrypt20", - "version": "1.11.0-7" + "name": "curl", + "version": "8.14.1-2+deb13u2" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-2236", + "vulnerabilityID": "CVE-2026-3805", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5826072934743d2f", - "name": "libgcrypt20", - "version": "1.11.0-7", + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libcurl4t64", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", "annotations": { "evidence": "primary" } @@ -4276,104 +4316,119 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2025-15468", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15468", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service. Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported. As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity. The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support. The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue. OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66224, - "date": "2026-03-09" + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.025750000000000002 + "risk": 0.02834 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66224, - "date": "2026-03-09" + "cve": "CVE-2025-15468", + "epss": 0.00052, + "percentile": 0.15869, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4381,15 +4436,262 @@ "version": "13" }, "package": { - "name": "libgcrypt20", - "version": "1.11.0-7" + "name": "openssl", + "version": "3.5.4-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2018-6829", - "versionConstraint": "none (unknown)" - } + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" + } + } + ], + "artifact": { + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3t64", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16387, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.2.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "4bf1f6f079d3164c", + "name": "fluent-bit", + "version": "4.2.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:389679d63ab333a8f66731ea1ca44c92298c8346f1b5fd0f859f38645c8af44d", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.2.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67658, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0275 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67658, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "libgcrypt20", + "version": "1.11.0-7" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } } ], "artifact": { @@ -4441,9 +4743,9 @@ "epss": [ { "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.14888, - "date": "2026-03-09" + "epss": 0.00056, + "percentile": 0.17356, + "date": "2026-03-16" } ], "cwes": [ @@ -4473,7 +4775,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6133-1" } ], - "risk": 0.022785 + "risk": 0.026039999999999994 }, "relatedVulnerabilities": [ { @@ -4502,9 +4804,9 @@ "epss": [ { "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.14888, - "date": "2026-03-09" + "epss": 0.00056, + "percentile": 0.17356, + "date": "2026-03-16" } ], "cwes": [ @@ -4571,21 +4873,155 @@ }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:13", - "severity": "Low", + "severity": "Negligible", "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "cvss": [], + "epss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.6631, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.025750000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" + ], + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.6631, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "libgcrypt20", + "version": "1.11.0-7" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2018-6829", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5826072934743d2f", + "name": "libgcrypt20", + "version": "1.11.0-7", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14831", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14831", + "namespace": "debian:distro:debian:13", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4593,55 +5029,65 @@ ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20185, - "date": "2026-03-09" + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "17.7-0+deb13u1" + "3.8.9-3+deb13u2" ], "state": "fixed", "available": [ { - "version": "17.7-0+deb13u1", - "date": "2026-01-19", - "kind": "first-observed" + "version": "3.8.9-3+deb13u2", + "date": "2026-02-18", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.02013 + "advisories": [ + { + "id": "DSA-6140-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" + } + ], + "risk": 0.023175 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177", + "https://gitlab.com/gnutls/gnutls/-/issues/1773" ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4649,17 +5095,17 @@ ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20185, - "date": "2026-03-09" + "cve": "CVE-2025-14831", + "epss": 0.00045, + "percentile": 0.13657, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4675,30 +5121,30 @@ "version": "13" }, "package": { - "name": "postgresql-17", - "version": "17.6-0+deb13u1" + "name": "gnutls28", + "version": "3.8.9-3" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "< 17.7-0+deb13u1 (deb)" + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 3.8.9-3+deb13u2 (deb)" }, "fix": { - "suggestedVersion": "17.7-0+deb13u1" + "suggestedVersion": "3.8.9-3+deb13u2" } } ], "artifact": { - "id": "4876b68eb369aa41", - "name": "libpq5", - "version": "17.6-0+deb13u1", + "id": "0e0d3baf82fb14d6", + "name": "libgnutls30t64", + "version": "3.8.9-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libgnutls30t64", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64", "annotations": { "evidence": "primary" } @@ -4707,12 +5153,12 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:17.6-0\\+deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@17.6-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17", + "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=amd64&distro=debian-13&upstream=gnutls28", "upstreams": [ { - "name": "postgresql-17" + "name": "gnutls28" } ] } @@ -4743,8 +5189,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00039, - "percentile": 0.11553, - "date": "2026-03-09" + "percentile": 0.11565, + "date": "2026-03-16" } ], "cwes": [ @@ -4792,8 +5238,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00039, - "percentile": 0.11553, - "date": "2026-03-09" + "percentile": 0.11565, + "date": "2026-03-16" } ], "cwes": [ @@ -4868,8 +5314,8 @@ { "cve": "CVE-2010-4756", "epss": 0.00394, - "percentile": 0.59883, - "date": "2026-03-09" + "percentile": 0.59944, + "date": "2026-03-16" } ], "cwes": [ @@ -4920,8 +5366,8 @@ { "cve": "CVE-2010-4756", "epss": 0.00394, - "percentile": 0.59883, - "date": "2026-03-09" + "percentile": 0.59944, + "date": "2026-03-16" } ], "cwes": [ @@ -5034,174 +5480,19 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14831", + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "namespace": "debian:distro:debian:13", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "3.8.9-3+deb13u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.8.9-3+deb13u2", - "date": "2026-02-18", - "kind": "advisory" - } - ] - }, - "advisories": [ - { - "id": "DSA-6140-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" - } - ], - "risk": 0.019055 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" - ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14831", - "epss": 0.00037, - "percentile": 0.10602, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "gnutls28", - "version": "3.8.9-3" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2025-14831", - "versionConstraint": "< 3.8.9-3+deb13u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.8.9-3+deb13u2" - } - } - ], - "artifact": { - "id": "0e0d3baf82fb14d6", - "name": "libgnutls30t64", - "version": "3.8.9-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgnutls30t64", - "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=amd64&distro=debian-13&upstream=gnutls28", - "upstreams": [ - { - "name": "gnutls28" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54089, - "date": "2026-03-09" + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-03-16" } ], "fix": { @@ -5267,8 +5558,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00313, - "percentile": 0.54089, - "date": "2026-03-09" + "percentile": 0.54168, + "date": "2026-03-16" } ] } @@ -5361,100 +5652,679 @@ "public-domain" ], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14524", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "namespace": "debian:distro:debian:13", + "severity": "Medium", + "urls": [], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.0003, + "percentile": 0.08206, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.015449999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14524", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14524.html", + "https://curl.se/docs/CVE-2025-14524.json", + "https://hackerone.com/reports/3459417", + "http://www.openwall.com/lists/oss-security/2026/01/07/4" + ], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.0003, + "percentile": 0.08206, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "curl", + "version": "8.14.1-2+deb13u2" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-14524", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4t64", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", + "namespace": "debian:distro:debian:13", + "severity": "High", + "urls": [], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "2.41-12+deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "2.41-12+deb13u2", + "date": "2026-03-16", + "kind": "first-observed" + } + ] + }, + "advisories": [], + "risk": 0.014249999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00019, + "percentile": 0.04619, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "glibc", + "version": "2.41-12" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "< 2.41-12+deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "2.41-12+deb13u2" + } + } + ], + "artifact": { + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" + ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "krb5", + "version": "1.21.3-5" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b6ee860d702b8084", + "name": "libgssapi-krb5-2", + "version": "1.21.3-5", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" + ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "krb5", + "version": "1.21.3-5" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "52ef833c1503e21a", + "name": "libk5crypto3", + "version": "1.21.3-5", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libk5crypto3", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-14524", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:13", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.015449999999999998 + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14524", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14524.html", - "https://curl.se/docs/CVE-2025-14524.json", - "https://hackerone.com/reports/3459417", - "http://www.openwall.com/lists/oss-security/2026/01/07/4" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } @@ -5471,27 +6341,27 @@ "version": "13" }, "package": { - "name": "curl", - "version": "8.14.1-2+deb13u2" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-14524", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2c9e2faa683beba2", - "name": "libcurl4t64", - "version": "8.14.1-2+deb13u2", + "id": "d4c94f2fc66f3184", + "name": "libkrb5-3", + "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4t64", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -5500,100 +6370,92 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:13", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.014249999999999999 + "risk": 0.0125 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00019, - "percentile": 0.04647, - "date": "2026-03-09" + "cve": "CVE-2024-26458", + "epss": 0.0025, + "percentile": 0.47959, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5608,90 +6470,41 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", + "id": "56fc39be304d53f0", + "name": "libkrb5support0", + "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libkrb5support0", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "BSD-2-clause", - "BSD-3-clause-Berkeley", - "BSD-3-clause-Carnegie", - "BSD-3-clause-Oracle", - "BSD-3-clause-WIDE", - "BSD-like-Spencer", - "BSL-1.0", - "CORE-MATH", - "Carnegie", - "DEC", - "FSFAP", - "GPL-2", - "GPL-2+", - "GPL-2+-with-link-exception", - "GPL-3", - "GPL-3+", - "IBM", - "ISC", - "Inner-Net", - "LGPL-2", - "LGPL-2+", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1+-with-link-exception", - "LGPL-3", - "LGPL-3+", - "MIT-like-Lord", - "PCRE", - "SunPro", - "Unicode-DFS-2016", - "Univ-Coimbra", - "public-domain" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } @@ -5709,8 +6522,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43824, - "date": "2026-03-09" + "percentile": 0.43875, + "date": "2026-03-16" } ], "cwes": [ @@ -5774,8 +6587,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43824, - "date": "2026-03-09" + "percentile": 0.43875, + "date": "2026-03-16" } ], "cwes": [ @@ -5839,74 +6652,88 @@ }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4105", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0103 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -5922,27 +6749,27 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "systemd", + "version": "257.9-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b6ee860d702b8084", - "name": "libgssapi-krb5-2", - "version": "1.21.3-5", + "id": "4f3b916d8498c51d", + "name": "libsystemd0", + "version": "257.9-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -5951,95 +6778,100 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd", "upstreams": [ { - "name": "krb5" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4105", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0103 + "risk": 0.01053 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-4105", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.7, + "exploitabilityScore": 0.8, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-4105", + "epss": 0.00018, + "percentile": 0.04442, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", + "cve": "CVE-2026-4105", + "cwe": "CWE-284", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -6047,7 +6879,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -6055,27 +6887,27 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "systemd", + "version": "257.9-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2026-4105", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "52ef833c1503e21a", - "name": "libk5crypto3", - "version": "1.21.3-5", + "id": "8105926f22d394d9", + "name": "systemd", + "version": "257.9-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "annotations": { "evidence": "primary" } @@ -6084,87 +6916,248 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/systemd@257.9-1~deb13u1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-2673", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2673", + "namespace": "debian:distro:debian:13", + "severity": "Unknown", + "urls": [], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. If an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to interpolate the built-in default group list into its own configuration, perhaps adding or removing specific elements, then an implementation defect causes the 'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups were treated as a single sufficiently secure 'tuple', with the server not sending a Hello Retry Request (HRR) even when a group in a more preferred tuple was mutually supported. As a result, the client and server might fail to negotiate a mutually supported post-quantum key agreement group, such as 'X25519MLKEM768', if the client's configuration results in only 'classical' groups (such as 'X25519' being the only ones in the client's initial keyshare prediction). OpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS 1.3 key agreement group on TLS servers. The old syntax had a single 'flat' list of groups, and treated all the supported groups as sufficiently secure. If any of the keyshares predicted by the client were supported by the server the most preferred among these was selected, even if other groups supported by the client, but not included in the list of predicted keyshares would have been more preferred, if included. The new syntax partitions the groups into distinct 'tuples' of roughly equivalent security. Within each tuple the most preferred group included among the client's predicted keyshares is chosen, but if the client supports a group from a more preferred tuple, but did not predict any corresponding keyshares, the server will ask the client to retry the ClientHello (by issuing a Hello Retry Request or HRR) with the most preferred mutually supported group. The above works as expected when the server's configuration uses the built-in default group list, or explicitly defines its own list by directly defining the various desired groups and group 'tuples'. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary. OpenSSL 3.6 and 3.5 are vulnerable to this issue. OpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released. OpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released. OpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.01 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-2673", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "namespace": "nvd:cpe", + "severity": "Unknown", + "urls": [ + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://openssl-library.org/news/secadv/20260313.txt", + "http://www.openwall.com/lists/oss-security/2026/03/13/3" + ], + "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2026-2673", + "epss": 0.0002, + "percentile": 0.05034, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-2673", + "cwe": "CWE-757", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "openssl", + "version": "3.5.4-1~deb13u1" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2026-2673", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3t64", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", "upstreams": [ { - "name": "krb5" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-22795", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0103 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.008925 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03718, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6179,121 +7172,155 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "openssl", + "version": "3.5.4-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26458", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" } } ], "artifact": { - "id": "d4c94f2fc66f3184", - "name": "libkrb5-3", - "version": "1.21.3-5", + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libssl3t64", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", "upstreams": [ { - "name": "krb5" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-3784", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3784", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0103 + "risk": 0.008624999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2026-3784", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://hackerone.com/reports/3584903", + "http://www.openwall.com/lists/oss-security/2026/03/11/3" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 6.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42713, - "date": "2026-03-09" + "cve": "CVE-2026-3784", + "epss": 0.00015, + "percentile": 0.0296, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-3784", + "cwe": "CWE-305", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6308,27 +7335,27 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "curl", + "version": "8.14.1-2+deb13u2" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2026-3784", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "56fc39be304d53f0", - "name": "libkrb5support0", - "version": "1.21.3-5", + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libcurl4t64", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", "annotations": { "evidence": "primary" } @@ -6337,117 +7364,101 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", + "id": "CVE-2026-3783", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3783", "namespace": "debian:distro:debian:13", "severity": "Medium", "urls": [], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "3.5.4-1~deb13u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.5.4-1~deb13u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.008925 + "advisories": [], + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2026-3783", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://hackerone.com/reports/3583983", + "http://www.openwall.com/lists/oss-security/2026/03/11/2" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00017, - "percentile": 0.03749, - "date": "2026-03-09" + "cve": "CVE-2026-3783", + "epss": 0.00016, + "percentile": 0.03394, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-3783", + "cwe": "CWE-522", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -6463,65 +7474,41 @@ "version": "13" }, "package": { - "name": "openssl", - "version": "3.5.4-1~deb13u1" + "name": "curl", + "version": "8.14.1-2+deb13u2" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.5.4-1~deb13u2" + "vulnerabilityID": "CVE-2026-3783", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cd60076a5535e1af", - "name": "libssl3t64", - "version": "3.5.4-1~deb13u1", + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3t64", + "path": "/var/lib/dpkg/status.d/libcurl4t64", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3t64/copyright", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/usr/share/doc/libssl3t64/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", "upstreams": [ { - "name": "openssl" + "name": "curl" } ] } @@ -6539,8 +7526,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6606,8 +7593,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6688,8 +7675,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6755,8 +7742,8 @@ { "cve": "CVE-2023-31437", "epss": 0.0016, - "percentile": 0.3668, - "date": "2026-03-09" + "percentile": 0.36652, + "date": "2026-03-16" } ], "cwes": [ @@ -6846,8 +7833,8 @@ { "cve": "CVE-2025-68160", "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ @@ -6912,8 +7899,8 @@ { "cve": "CVE-2025-68160", "epss": 0.00016, - "percentile": 0.03618, - "date": "2026-03-09" + "percentile": 0.03598, + "date": "2026-03-16" } ], "cwes": [ @@ -7025,8 +8012,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -7090,8 +8077,8 @@ { "cve": "CVE-2025-11187", "epss": 0.00013, - "percentile": 0.01937, - "date": "2026-03-09" + "percentile": 0.01851, + "date": "2026-03-16" } ], "cwes": [ @@ -7196,8 +8183,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3258, - "date": "2026-03-09" + "percentile": 0.32482, + "date": "2026-03-16" } ], "cwes": [ @@ -7258,8 +8245,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3258, - "date": "2026-03-09" + "percentile": 0.32482, + "date": "2026-03-16" } ], "cwes": [ @@ -7396,8 +8383,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "percentile": 0.00659, + "date": "2026-03-16" } ], "cwes": [ @@ -7409,8 +8396,17 @@ } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "2.41-12+deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "2.41-12+deb13u2", + "date": "2026-03-16", + "kind": "first-observed" + } + ] }, "advisories": [], "risk": 0.006360000000000001 @@ -7426,34 +8422,239 @@ "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00659, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "glibc", + "version": "2.41-12" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 2.41-12+deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "2.41-12+deb13u2" + } + } + ], + "artifact": { + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", + "namespace": "debian:distro:debian:13", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.8.9-3+deb13u1" + ], + "state": "fixed", + "available": [ + { + "version": "3.8.9-3+deb13u1", + "date": "2026-01-11", + "kind": "first-observed" + } + ] + }, + "advisories": [], + "risk": 0.0063 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/errata/RHSA-2026:4188", + "https://access.redhat.com/errata/RHSA-2026:4655", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, + "baseScore": 4, "exploitabilityScore": 2.6, - "impactScore": 5.9 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00008, - "percentile": 0.00662, - "date": "2026-03-09" + "cve": "CVE-2025-9820", + "epss": 0.00014, + "percentile": 0.02226, + "date": "2026-03-16" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7469,90 +8670,44 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "gnutls28", + "version": "3.8.9-3" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 3.8.9-3+deb13u1 (deb)" + }, + "fix": { + "suggestedVersion": "3.8.9-3+deb13u1" } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", + "id": "0e0d3baf82fb14d6", + "name": "libgnutls30t64", + "version": "3.8.9-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgnutls30t64", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "BSD-2-clause", - "BSD-3-clause-Berkeley", - "BSD-3-clause-Carnegie", - "BSD-3-clause-Oracle", - "BSD-3-clause-WIDE", - "BSD-like-Spencer", - "BSL-1.0", - "CORE-MATH", - "Carnegie", - "DEC", - "FSFAP", - "GPL-2", - "GPL-2+", - "GPL-2+-with-link-exception", - "GPL-3", - "GPL-3+", - "IBM", - "ISC", - "Inner-Net", - "LGPL-2", - "LGPL-2+", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1+-with-link-exception", - "LGPL-3", - "LGPL-3+", - "MIT-like-Lord", - "PCRE", - "SunPro", - "Unicode-DFS-2016", - "Univ-Coimbra", - "public-domain" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=amd64&distro=debian-13&upstream=gnutls28", "upstreams": [ { - "name": "glibc" + "name": "gnutls28" } ] } @@ -7570,8 +8725,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7620,8 +8775,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7696,8 +8851,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7746,8 +8901,8 @@ { "cve": "CVE-2023-31438", "epss": 0.00125, - "percentile": 0.31697, - "date": "2026-03-09" + "percentile": 0.31613, + "date": "2026-03-16" } ], "cwes": [ @@ -7818,8 +8973,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -7868,8 +9023,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -7944,8 +9099,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -7994,8 +9149,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00117, - "percentile": 0.30532, - "date": "2026-03-09" + "percentile": 0.30434, + "date": "2026-03-16" } ], "cwes": [ @@ -8053,160 +9208,6 @@ "upstreams": [] } }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", - "namespace": "debian:distro:debian:13", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "3.8.9-3+deb13u1" - ], - "state": "fixed", - "available": [ - { - "version": "3.8.9-3+deb13u1", - "date": "2026-01-11", - "kind": "first-observed" - } - ] - }, - "advisories": [], - "risk": 0.00495 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2026:3477", - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9820", - "epss": 0.00011, - "percentile": 0.01404, - "date": "2026-03-09" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "gnutls28", - "version": "3.8.9-3" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "< 3.8.9-3+deb13u1 (deb)" - }, - "fix": { - "suggestedVersion": "3.8.9-3+deb13u1" - } - } - ], - "artifact": { - "id": "0e0d3baf82fb14d6", - "name": "libgnutls30t64", - "version": "3.8.9-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgnutls30t64", - "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=amd64&distro=debian-13&upstream=gnutls28", - "upstreams": [ - { - "name": "gnutls28" - } - ] - } - }, { "vulnerability": { "id": "CVE-2017-14159", @@ -8220,8 +9221,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00092, - "percentile": 0.25756, - "date": "2026-03-09" + "percentile": 0.25729, + "date": "2026-03-16" } ], "cwes": [ @@ -8280,8 +9281,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00092, - "percentile": 0.25756, - "date": "2026-03-09" + "percentile": 0.25729, + "date": "2026-03-16" } ], "cwes": [ @@ -8369,8 +9370,8 @@ { "cve": "CVE-2025-13034", "epss": 0.00008, - "percentile": 0.00651, - "date": "2026-03-09" + "percentile": 0.00648, + "date": "2026-03-16" } ], "cwes": [ @@ -8417,8 +9418,8 @@ { "cve": "CVE-2025-13034", "epss": 0.00008, - "percentile": 0.00651, - "date": "2026-03-09" + "percentile": 0.00648, + "date": "2026-03-16" } ], "cwes": [ @@ -8493,8 +9494,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8541,8 +9542,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8626,8 +9627,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8674,8 +9675,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8750,8 +9751,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8798,8 +9799,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8879,8 +9880,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -8927,8 +9928,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.23808, - "date": "2026-03-09" + "percentile": 0.23787, + "date": "2026-03-16" } ], "cwes": [ @@ -9003,8 +10004,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00072, - "percentile": 0.21754, - "date": "2026-03-09" + "percentile": 0.21722, + "date": "2026-03-16" } ], "cwes": [ @@ -9053,8 +10054,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00072, - "percentile": 0.21754, - "date": "2026-03-09" + "percentile": 0.21722, + "date": "2026-03-16" } ], "cwes": [ @@ -9142,8 +10143,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -9205,8 +10206,8 @@ { "cve": "CVE-2026-27171", "epss": 0.00006, - "percentile": 0.0041, - "date": "2026-03-09" + "percentile": 0.00408, + "date": "2026-03-16" } ], "cwes": [ @@ -9313,8 +10314,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -9371,8 +10372,8 @@ { "cve": "CVE-2025-15469", "epss": 0.00006, - "percentile": 0.00275, - "date": "2026-03-09" + "percentile": 0.00272, + "date": "2026-03-16" } ], "cwes": [ @@ -9484,8 +10485,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -9550,8 +10551,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00249, - "date": "2026-03-09" + "percentile": 0.00247, + "date": "2026-03-16" } ], "cwes": [ @@ -9650,8 +10651,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -9717,8 +10718,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -9799,8 +10800,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -9866,8 +10867,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12457, - "date": "2026-03-09" + "percentile": 0.12451, + "date": "2026-03-16" } ], "cwes": [ @@ -9944,8 +10945,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "percentile": 0.08352, + "date": "2026-03-16" } ], "cwes": [ @@ -9994,8 +10995,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08381, - "date": "2026-03-09" + "percentile": 0.08352, + "date": "2026-03-16" } ], "cwes": [ @@ -10069,9 +11070,9 @@ "epss": [ { "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ @@ -10093,7 +11094,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.001 + "risk": 0.0010500000000000002 }, "relatedVulnerabilities": [ { @@ -10124,9 +11125,9 @@ "epss": [ { "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05004, - "date": "2026-03-09" + "epss": 0.00021, + "percentile": 0.05254, + "date": "2026-03-16" } ], "cwes": [ @@ -10207,8 +11208,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00018, - "percentile": 0.04357, - "date": "2026-03-09" + "percentile": 0.0432, + "date": "2026-03-16" } ], "fix": { @@ -10250,8 +11251,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00018, - "percentile": 0.04357, - "date": "2026-03-09" + "percentile": 0.0432, + "date": "2026-03-16" } ] } @@ -10318,8 +11319,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -10367,8 +11368,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00568, - "date": "2026-03-09" + "percentile": 0.00566, + "date": "2026-03-16" } ], "cwes": [ @@ -10768,107 +11769,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", - "built": "2026-03-10T06:26:23Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-17T00:29:22Z_1773729242.tar.zst?checksum=sha256%3A553a433a587c8efe9e0f74e49b0e1fc9be515d5e7d1baa8e811b6195daa9cba8", + "built": "2026-03-17T06:34:02Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-03-10T00:28:42Z", - "input": "xxh64:914c7d889a9ad6e4" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:02734b1113b92e27" }, "alpine": { - "captured": "2026-03-10T00:29:23Z", - "input": "xxh64:25eafb15ac8f0457" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:5c0731265d73677d" }, "amazon": { - "captured": "2026-03-10T00:28:51Z", - "input": "xxh64:f1524ad7fca6ccc5" + "captured": "2026-03-17T00:29:28Z", + "input": "xxh64:77255f62b024db74" }, "arch": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:4eed2069a473253d" + "captured": "2026-03-17T00:29:22Z", + "input": "xxh64:297009568c20edcf" }, "bitnami": { - "captured": "2026-03-10T00:28:46Z", - "input": "xxh64:22340b5dbac27b45" + "captured": "2026-03-17T00:30:20Z", + "input": "xxh64:da1719a12c3a20e8" }, "chainguard": { - "captured": "2026-03-10T00:30:34Z", - "input": "xxh64:fd3509f725533511" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:13f93780b74f2ba2" }, "chainguard-libraries": { - "captured": "2026-03-10T00:29:01Z", - "input": "xxh64:085997f0850e7672" + "captured": "2026-03-17T00:29:32Z", + "input": "xxh64:aa7f320c00cf2951" }, "debian": { - "captured": "2026-03-10T00:28:59Z", - "input": "xxh64:90f9c10c3453be35" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:fc031dc7e2f07382" }, "echo": { - "captured": "2026-03-10T00:29:32Z", - "input": "xxh64:9e17e49e2ae0d768" + "captured": "2026-03-17T00:29:31Z", + "input": "xxh64:93d228c363e781b0" }, "eol": { - "captured": "2026-03-10T00:28:41Z", - "input": "xxh64:6b1487e45bfe23c2" + "captured": "2026-03-17T00:29:37Z", + "input": "xxh64:940bb9e2fb7a56ff" }, "epss": { - "captured": "2026-03-10T00:29:08Z", - "input": "xxh64:c400799398adc6a9" + "captured": "2026-03-17T00:29:30Z", + "input": "xxh64:8ad62585748fafe5" }, "fedora": { - "captured": "2026-03-10T00:28:37Z", - "input": "xxh64:64cf8da43d1c7dba" + "captured": "2026-03-17T00:29:35Z", + "input": "xxh64:2042d8e0e5f725e2" }, "github": { - "captured": "2026-03-10T00:28:48Z", - "input": "xxh64:e65095049bbbdc06" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:a2d54cf4fca703dd" }, "kev": { - "captured": "2026-03-10T00:28:50Z", - "input": "xxh64:ab4d9286aeedd36c" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:458267e918a9bd7e" }, "mariner": { - "captured": "2026-03-10T00:28:56Z", - "input": "xxh64:8bddd8a5fb75e7bf" + "captured": "2026-03-17T00:29:34Z", + "input": "xxh64:ce28f39be13a159f" }, "minimos": { - "captured": "2026-03-10T00:29:46Z", - "input": "xxh64:f3d667690d5145b4" + "captured": "2026-03-17T00:29:24Z", + "input": "xxh64:25b91c2ba41d7d72" }, "nvd": { - "captured": "2026-03-10T00:28:28Z", - "input": "xxh64:ea89de7a4cda0c74" + "captured": "2026-03-17T00:30:17Z", + "input": "xxh64:fce05625a36b827f" }, "oracle": { - "captured": "2026-03-10T00:28:43Z", - "input": "xxh64:226d35a2f709e58f" + "captured": "2026-03-17T00:29:39Z", + "input": "xxh64:327cae31738b16b2" }, "photon": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:8da4574a8cf30ab1" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:9f11f2b45282448f" }, "rhel": { - "captured": "2026-03-10T00:28:54Z", - "input": "xxh64:1fd0425e2eb8271a" + "captured": "2026-03-17T00:30:25Z", + "input": "xxh64:a87eec433f2243cf" }, "secureos": { - "captured": "2026-03-10T00:28:49Z", - "input": "xxh64:6e743e35d2d2d3ad" + "captured": "2026-03-17T00:29:26Z", + "input": "xxh64:9a8daa50c8b4aafd" }, "sles": { - "captured": "2026-03-10T00:28:10Z", - "input": "xxh64:d14c4d9c3ab004ea" + "captured": "2026-03-17T00:29:40Z", + "input": "xxh64:a6cd9bf7723a16cf" }, "ubuntu": { - "captured": "2026-03-10T00:29:57Z", - "input": "xxh64:38b59255718311cd" + "captured": "2026-03-17T00:30:51Z", + "input": "xxh64:7b3c6ccb06745e52" }, "wolfi": { - "captured": "2026-03-10T00:28:45Z", - "input": "xxh64:b5f026d68146042e" + "captured": "2026-03-17T00:29:33Z", + "input": "xxh64:a21c22e83a3756ea" } } } diff --git a/docs/security/oss/grype-4.2.2.md b/docs/security/oss/grype-4.2.2.md index baf96b1..30fc28f 100644 --- a/docs/security/oss/grype-4.2.2.md +++ b/docs/security/oss/grype-4.2.2.md @@ -11,22 +11,28 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libpq5 | 17.6-0+deb13u1 | [CVE-2026-2006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2006) | High | | libpq5 | 17.6-0+deb13u1 | [CVE-2026-2005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2005) | High | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | High | -| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | | libtasn1-6 | 4.20.0-2 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | +| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | | libc6 | 2.41-12 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2026-3805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3805) | High | | libc6 | 2.41-12 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | | libc6 | 2.41-12 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libpq5 | 17.6-0+deb13u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Medium | | fluent-bit | 4.2.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Medium | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2026-1965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965) | Medium | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Medium | | fluent-bit | 4.2.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libpq5 | 17.6-0+deb13u1 | [CVE-2026-2003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2003) | Medium | -| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | libgnutls30t64 | 3.8.9-3 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | +| libsystemd0 | 257.9-1~deb13u1 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | +| systemd | 257.9-1~deb13u1 | [CVE-2026-4105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105) | Medium | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Medium | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2026-3784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784) | Medium | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2026-3783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783) | Medium | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Medium | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | libgnutls30t64 | 3.8.9-3 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Medium | @@ -50,11 +56,11 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libgcrypt20 | 1.11.0-7 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.41-12 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.41-12 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libldap2 | 2.6.10+dfsg-1 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.21.3-5 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.21.3-5 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.21.3-5 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.21.3-5 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | +| libldap2 | 2.6.10+dfsg-1 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libsystemd0 | 257.9-1~deb13u1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 257.9-1~deb13u1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | libc6 | 2.41-12 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | @@ -74,3 +80,4 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap2 | 2.6.10+dfsg-1 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible | +| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2026-2673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2673) | Unknown |